ReportizFlow
Filtered by vendor
Subscriptions
Total
16421 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28000 | 1 Car Rental System Project | 1 Car Rental System | 2024-11-21 | 8.8 High |
| Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. | ||||
| CVE-2022-27992 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 8.8 High |
| Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | ||||
| CVE-2022-27991 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 6.5 Medium |
| Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. | ||||
| CVE-2022-27985 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | ||||
| CVE-2022-27984 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | ||||
| CVE-2022-27962 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 9.8 Critical |
| Bluecms 1.6 has a SQL injection vulnerability at cooike. | ||||
| CVE-2022-27927 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. | ||||
| CVE-2022-27908 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | ||||
| CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2024-11-21 | 8.3 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||
| CVE-2022-27485 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 6.2 Medium |
| A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. | ||||
| CVE-2022-27479 | 1 Apache | 1 Superset | 2024-11-21 | 9.8 Critical |
| Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | ||||
| CVE-2022-27473 | 1 Roothub Project | 1 Roothub | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | ||||
| CVE-2022-27472 | 1 Roothub Project | 1 Roothub | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | ||||
| CVE-2022-27466 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | ||||
| CVE-2022-27444 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | ||||
| CVE-2022-27434 | 1 Unit4 | 1 Teta | 2024-11-21 | 9.8 Critical |
| UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. | ||||
| CVE-2022-27423 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 9.8 Critical |
| Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | ||||
| CVE-2022-27420 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | ||||
| CVE-2022-27413 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | ||||
| CVE-2022-27412 | 1 Exploreit | 1 Explore Cms | 2024-11-21 | 9.8 Critical |
| Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | ||||