Total
17401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25125 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | ||||
| CVE-2022-25096 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 9.8 Critical |
| Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | ||||
| CVE-2022-25004 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 9.8 Critical |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. | ||||
| CVE-2022-25003 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 9.8 Critical |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. | ||||
| CVE-2022-24956 | 1 Shopware | 1 B2b Suite | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. | ||||
| CVE-2022-24691 | 1 Dsk | 1 Dsknet | 2024-11-21 | 7.1 High |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. | ||||
| CVE-2022-24690 | 1 Dsk | 1 Dsknet | 2024-11-21 | 8.2 High |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. (An unauthenticated attacker can discover the endpoint by abusing a Broken Access Control issue with further SQL injection attacks to gather all user's badge numbers and PIN codes.) | ||||
| CVE-2022-24646 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. | ||||
| CVE-2022-24607 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. | ||||
| CVE-2022-24606 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. | ||||
| CVE-2022-24605 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. | ||||
| CVE-2022-24604 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. | ||||
| CVE-2022-24603 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | ||||
| CVE-2022-24602 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. | ||||
| CVE-2022-24601 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 7.5 High |
| Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. | ||||
| CVE-2022-24600 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 9.8 Critical |
| Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. | ||||
| CVE-2022-24571 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2024-11-21 | 9.8 Critical |
| Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. | ||||
| CVE-2022-24407 | 6 Cyrusimap, Debian, Fedoraproject and 3 more | 14 Cyrus-sasl, Debian Linux, Fedora and 11 more | 2024-11-21 | 8.8 High |
| In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | ||||
| CVE-2022-24391 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 8.8 High |
| Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | ||||
| CVE-2022-24266 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | ||||