Total
15302 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40834 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40833 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40832 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40831 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40830 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40829 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40826 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40825 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40824 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40766 | 1 Moderncampus | 1 Omni Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. | |||||
| CVE-2022-40615 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-11-21 | N/A | 6.3 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208. | |||||
| CVE-2022-3956 | 1 Hhims Project | 1 Hhims | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3955 | 1 Crm42 Project | 1 Crm42 | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. | |||||
| CVE-2022-3948 | 1 Eolink | 1 Goku Lite | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3947 | 1 Eolink | 1 Goku Lite | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. | |||||
| CVE-2022-3878 | 1 Maxonerp | 1 Maxon | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. | |||||
| CVE-2022-3802 | 1 Ibax | 1 Go-ibax | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3801 | 1 Ibax | 1 Go-ibax | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability. | |||||
| CVE-2022-3800 | 1 Ibax | 1 Go-ibax | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636. | |||||
| CVE-2022-3799 | 1 Ibax | 1 Go-ibax | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635. | |||||