Total
17425 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34872 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. | ||||
| CVE-2022-34871 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.2 High |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | ||||
| CVE-2022-34590 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.2 High |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. | ||||
| CVE-2022-34588 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 8.8 High |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php. | ||||
| CVE-2022-34586 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 8.8 High |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php. | ||||
| CVE-2022-34557 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 8.8 High |
| Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php. | ||||
| CVE-2022-34132 | 1 Jorani | 1 Jorani | 2024-11-21 | 9.8 Critical |
| Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | ||||
| CVE-2022-34042 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php. | ||||
| CVE-2022-34023 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 9.8 Critical |
| Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php. | ||||
| CVE-2022-33875 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 5.1 Medium |
| An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticatedĀ attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2022-33171 | 1 Typeorm | 1 Typeorm | 2024-11-21 | 9.8 Critical |
| The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation | ||||
| CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2024-11-21 | 9.1 Critical |
| RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | ||||
| CVE-2022-33114 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 7.2 High |
| Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | ||||
| CVE-2022-33097 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. | ||||
| CVE-2022-33096 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. | ||||
| CVE-2022-33095 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | ||||
| CVE-2022-33094 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. | ||||
| CVE-2022-33093 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. | ||||
| CVE-2022-33092 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. | ||||
| CVE-2022-33061 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 7.2 High |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. | ||||