Total
17409 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29601 | 1 Oliverklee | 1 Seminars | 2024-11-21 | 9.8 Critical |
| The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. | ||||
| CVE-2022-29600 | 1 Oliverklee | 1 Oelib | 2024-11-21 | 9.8 Critical |
| The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. | ||||
| CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | ||||
| CVE-2022-29498 | 1 Blazer Project | 1 Blazer | 2024-11-21 | 7.5 High |
| Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run. | ||||
| CVE-2022-29383 | 1 Netgear | 2 Ssl312, Ssl312 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | ||||
| CVE-2022-29317 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2024-11-21 | 9.8 Critical |
| Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | ||||
| CVE-2022-29316 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | 9.8 Critical |
| Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | ||||
| CVE-2022-29306 | 1 Ionizecms | 1 Ionize | 2024-11-21 | 9.8 Critical |
| IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. | ||||
| CVE-2022-29305 | 1 Imgurl Project | 1 Imgurl | 2024-11-21 | 8.1 High |
| imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | ||||
| CVE-2022-29304 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 8.8 High |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | ||||
| CVE-2022-29155 | 3 Debian, Netapp, Openldap | 14 Debian Linux, H300s, H300s Firmware and 11 more | 2024-11-21 | 9.8 Critical |
| In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | ||||
| CVE-2022-29058 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2024-11-21 | 7.8 High |
| An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | ||||
| CVE-2022-29009 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. | ||||
| CVE-2022-29007 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. | ||||
| CVE-2022-29006 | 1 Phpgurukul | 1 Directory Management System | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. | ||||
| CVE-2022-28962 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 9.8 Critical |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. | ||||
| CVE-2022-28961 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | ||||
| CVE-2022-28930 | 1 Erp-pro Project | 1 Erp-pro | 2024-11-21 | 9.8 Critical |
| ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. | ||||
| CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | ||||
| CVE-2022-28862 | 1 Archibus | 1 Web Central | 2024-11-21 | 9.8 Critical |
| In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. | ||||