Total
15300 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37223 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | |||||
CVE-2022-37207 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 8.8 HIGH |
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
CVE-2022-37203 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
CVE-2022-37201 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 8.8 HIGH |
JFinal CMS 5.1.0 is vulnerable to SQL Injection. | |||||
CVE-2022-37199 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | |||||
CVE-2022-37185 | 1 Ems Project | 1 Ems | 2024-11-21 | N/A | 7.5 HIGH |
SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage. | |||||
CVE-2022-37178 | 1 72crm | 1 Wukong Crm | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. | |||||
CVE-2022-37152 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the "dob" parameter in "/classes/Users.php?f=save_client". | |||||
CVE-2022-37113 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | 9.8 CRITICAL |
BlueCMS 1.6 has SQL injection in line 132 of admin/area.php | |||||
CVE-2022-37112 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | 9.8 CRITICAL |
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php | |||||
CVE-2022-37111 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | 9.8 CRITICAL |
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php | |||||
CVE-2022-36979 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493. | |||||
CVE-2022-36976 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333. | |||||
CVE-2022-36975 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332. | |||||
CVE-2022-36973 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 8.8 HIGH |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329. | |||||
CVE-2022-36972 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328. | |||||
CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
CVE-2022-36839 | 1 Samsung | 1 Checkout | 2024-11-21 | N/A | 5.9 MEDIUM |
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | |||||
CVE-2022-36787 | 1 Webvendome Project | 1 Webvendome | 2024-11-21 | N/A | 9.8 CRITICAL |
webvendome - webvendome SQL Injection. SQL Injection in the Parameter "DocNumber". Request: Get Request: /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | |||||
CVE-2022-36759 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. |