ReportizFlow
Filtered by vendor
Subscriptions
Total
16420 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27127 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 6.5 Medium |
| zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. | ||||
| CVE-2022-27126 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 9.8 Critical |
| zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. | ||||
| CVE-2022-27123 | 1 Employee Performance Evaluation Project | 1 Employee Performance Evaluation | 2024-11-21 | 9.8 Critical |
| Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. | ||||
| CVE-2022-27104 | 1 Formalms | 1 Formalms | 2024-11-21 | 9.8 Critical |
| An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. | ||||
| CVE-2022-27041 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | ||||
| CVE-2022-26986 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 7.2 High |
| SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system. | ||||
| CVE-2022-26959 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-11-21 | 10 Critical |
| There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite. | ||||
| CVE-2022-26669 | 1 Asus | 1 Control Center | 2024-11-21 | 8.8 High |
| ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | ||||
| CVE-2022-26651 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. | ||||
| CVE-2022-26633 | 1 Simple Student Quarterly Result\/grade System Project | 1 Simple Student Quarterly Result\/grade System | 2024-11-21 | 9.8 Critical |
| Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | ||||
| CVE-2022-26632 | 1 Multi-vendor Online Groceries Management System Project | 1 Multi-vendor Online Groceries Management System | 2024-11-21 | 9.8 Critical |
| Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | ||||
| CVE-2022-26631 | 1 Automatic Question Paper Generator Project | 1 Automatic Question Paper Generator | 2024-11-21 | 9.8 Critical |
| Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter. | ||||
| CVE-2022-26628 | 1 Matrimony Project | 1 Matrimony | 2024-11-21 | 9.8 Critical |
| Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. | ||||
| CVE-2022-26613 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 9.8 Critical |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. | ||||
| CVE-2022-26585 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | ||||
| CVE-2022-26348 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 8.2 High |
| Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions. | ||||
| CVE-2022-26301 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 9.8 Critical |
| TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | ||||
| CVE-2022-26293 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 9.8 Critical |
| Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. | ||||
| CVE-2022-26285 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | ||||
| CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | ||||