Total
15302 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42122 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. | |||||
| CVE-2022-42120 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. | |||||
| CVE-2022-42074 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | |||||
| CVE-2022-42073 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | |||||
| CVE-2022-41892 | 1 Archesproject | 1 Arches | 2024-11-21 | N/A | 8.6 HIGH |
| Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. | |||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-41731 | 2 Ibm, Redhat | 2 Watson Knowledge Catalog On Cloud Pak For Data, Openshift | 2024-11-21 | N/A | 8.6 HIGH |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402. | |||||
| CVE-2022-41680 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 7.6 HIGH |
| Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database. | |||||
| CVE-2022-41671 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-11-21 | N/A | 7.0 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-41515 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | |||||
| CVE-2022-41514 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | |||||
| CVE-2022-41513 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | |||||
| CVE-2022-41378 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-11-21 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | |||||
| CVE-2022-41377 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-11-21 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | |||||
| CVE-2022-41355 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. | |||||
| CVE-2022-41142 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304. | |||||
| CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-40835 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability | |||||