Total: 16424 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.8 Critical |
jizhicms v2.3.1 has SQL injection in the background. | ||||
CVE-2022-36545 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | 9.8 Critical |
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. | ||||
CVE-2022-36544 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | 9.8 Critical |
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. | ||||
CVE-2022-36543 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | 9.8 Critical |
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. | ||||
CVE-2022-36529 | 1 Kensite Cms Project | 1 Kensite Cms | 2024-11-21 | 8.8 High |
Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. | ||||
CVE-2022-36276 | 1 Tcman | 1 Gim | 2024-11-21 | 9.9 Critical |
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. | ||||
CVE-2022-36272 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. | ||||
CVE-2022-36259 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 7.5 High |
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc. | ||||
CVE-2022-36258 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 7.5 High |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". | ||||
CVE-2022-36257 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 7.5 High |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. | ||||
CVE-2022-36256 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 7.5 High |
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". | ||||
CVE-2022-36255 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 7.5 High |
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". | ||||
CVE-2022-36242 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | 9.8 Critical |
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. | ||||
CVE-2022-36201 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2024-11-21 | 9.8 Critical |
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. | ||||
CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | 9.8 Critical |
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php. | ||||
CVE-2022-36161 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 9.8 Critical |
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | ||||
CVE-2022-35864 | 1 Bmc | 1 Track-it! | 2024-11-21 | 6.5 Medium |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. | ||||
CVE-2022-35628 | 1 In2code | 1 Living User Experience | 2024-11-21 | 9.8 Critical |
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3. | ||||
CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode'. | ||||
CVE-2022-35605 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. |