ReportizFlow
Filtered by vendor
Subscriptions
Total
17353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30374 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 7.2 High |
| Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=. | ||||
| CVE-2022-30373 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 7.2 High |
| Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=. | ||||
| CVE-2022-30372 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 7.2 High |
| Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. | ||||
| CVE-2022-30371 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 7.2 High |
| Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. | ||||
| CVE-2022-30370 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 9.8 Critical |
| Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. | ||||
| CVE-2022-30352 | 1 Phpabook Project | 1 Phpabook | 2024-11-21 | 9.8 Critical |
| phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | ||||
| CVE-2022-30335 | 1 Wealth | 1 Bonanza Wealth Management System | 2024-11-21 | 9.8 Critical |
| Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | ||||
| CVE-2022-30113 | 1 Fahou100 | 1 Electronic Mall System | 2024-11-21 | 9.8 Critical |
| Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection. | ||||
| CVE-2022-30054 | 1 Covid 19 Travel Pass Management Project | 1 Covid 19 Travel Pass Management | 2024-11-21 | 9.8 Critical |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. | ||||
| CVE-2022-30052 | 1 Home Clean Service System Project | 1 Home Clean Service System | 2024-11-21 | 9.8 Critical |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. | ||||
| CVE-2022-30048 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | ||||
| CVE-2022-30047 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | ||||
| CVE-2022-30012 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. | ||||
| CVE-2022-30011 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | ||||
| CVE-2022-2958 | 1 Badgeos | 1 Badgos | 2024-11-21 | 8.8 High |
| The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections | ||||
| CVE-2022-2840 | 1 Zephyr-one | 1 Zephyr Project Manager | 2024-11-21 | 9.8 Critical |
| The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections | ||||
| CVE-2022-2754 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2024-11-21 | 9.8 Critical |
| The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks | ||||
| CVE-2022-2718 | 1 Beardev | 1 Joomsport | 2024-11-21 | 7.2 High |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2022-2717 | 1 Beardev | 1 Joomsport | 2024-11-21 | 7.2 High |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2022-2593 | 1 Deliciousbrains | 1 Better Search Replace | 2024-11-21 | 7.2 High |
| The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks | ||||