ReportizFlow
Filtered by vendor
Subscriptions
Total
16420 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25404 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. | ||||
| CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | ||||
| CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2024-11-21 | 9.8 Critical |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | ||||
| CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2024-11-21 | 9.8 Critical |
| Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | ||||
| CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2024-11-21 | 9.8 Critical |
| Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | ||||
| CVE-2022-25394 | 1 Medical Store Management System Project | 1 Medical Store Management System | 2024-11-21 | 9.8 Critical |
| Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | ||||
| CVE-2022-25393 | 1 Simple Bakery Shop Management Project | 1 Simple Bakery Shop Management | 2024-11-21 | 7.5 High |
| Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | ||||
| CVE-2022-25322 | 1 Zerof | 1 Web Server | 2024-11-21 | 9.8 Critical |
| ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | ||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2024-11-21 | 6.5 Medium |
| CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | ||||
| CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2024-11-21 | 7.2 High |
| Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | ||||
| CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 4.3 Medium |
| Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | ||||
| CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 9.8 Critical |
| Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | ||||
| CVE-2022-25148 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 9.8 Critical |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | ||||
| CVE-2022-25125 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | ||||
| CVE-2022-25096 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 9.8 Critical |
| Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | ||||
| CVE-2022-25004 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 9.8 Critical |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. | ||||
| CVE-2022-25003 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 9.8 Critical |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. | ||||
| CVE-2022-24956 | 1 Shopware | 1 B2b Suite | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. | ||||
| CVE-2022-24691 | 1 Dsk | 1 Dsknet | 2024-11-21 | 7.1 High |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. | ||||
| CVE-2022-24690 | 1 Dsk | 1 Dsknet | 2024-11-21 | 8.2 High |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. (An unauthenticated attacker can discover the endpoint by abusing a Broken Access Control issue with further SQL injection attacks to gather all user's badge numbers and PIN codes.) | ||||