Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26628 | 1 Matrimony Project | 1 Matrimony | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. | |||||
| CVE-2022-26613 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. | |||||
| CVE-2022-26585 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | |||||
| CVE-2022-26514 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26349 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26348 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
| Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions. | |||||
| CVE-2022-26338 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26301 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | |||||
| CVE-2022-26293 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. | |||||
| CVE-2022-26285 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
| CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
| CVE-2022-26268 | 1 Xiaohuanxiong Project | 1 Xiaohuanxiong | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. | |||||
| CVE-2022-26266 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | |||||
| CVE-2022-26245 | 1 Open-falcon | 1 Falcon-plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. | |||||
| CVE-2022-26201 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2022-26171 | 1 Bank Management System Project | 1 Bank Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
| CVE-2022-26170 | 1 Simple Mobile Comparison Website Project | 1 Simple Mobile Comparison Website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | |||||
| CVE-2022-26169 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | |||||
| CVE-2022-26120 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-26116 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | |||||