Total: 15292 CVE
CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-36258 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt".
CVE-2022-36257 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "users", "pass", etc.
CVE-2022-36256 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "productcode".
CVE-2022-36255 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt".
CVE-2022-36242 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_medicine.php?id=.
CVE-2022-36201 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2024-11-21 | N/A | 9.8 CRITICAL | Doctor's Appointment System v1.0 is vulnerable to blind SQL injection via settings.php.
CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php.
CVE-2022-36161 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2024-11-21 | N/A | 9.8 CRITICAL | Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sanitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available.
CVE-2022-35956 | 1 Update By Case Project | 1 Update By Case | 2024-11-21 | N/A | 5.8 MEDIUM | This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records in a single database hit, using a SQL CASE statement. Before version 0.1.3 the `update_by_case` gem built custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrade to version >= 0.1.3, which uses `Arel` to construct the resulting SQL statement with sanitized values.
CVE-2022-35947 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 10.0 CRITICAL | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.
CVE-2022-35946 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 5.5 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. In affected versions, request input is not properly validated in the plugin controller and can be used to access the low-level API of the Plugin class. An attacker can, for instance, alter database data. The attacker must have "General setup" update rights to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script.
CVE-2022-35942 | 1 Linuxfoundation | 1 Loopback-connector-postgresql | 2024-11-21 | N/A | 9.3 CRITICAL | Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored in the connected database. A patch was released in version 5.5.1. This affects users who do any of the following: connect to the database via the DataSource with the `allowExtendedProperties: true` setting; use the connector's CRUD methods directly; or use the connector's other methods to interpret the LoopBack filter. Users who are unable to upgrade should, as applicable: remove the `allowExtendedProperties: true` DataSource setting; add the `allowExtendedProperties: false` DataSource setting; and, when passing directly to the connector functions, manually sanitize the user input for the `contains` LoopBack filter beforehand.
CVE-2022-35864 | 1 Bmc | 1 Track-It! | 2024-11-21 | N/A | 6.5 MEDIUM | This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
CVE-2022-35628 | 1 In2code | 1 Living User Experience | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode'.
CVE-2022-35605 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as 'users', 'pass', etc.
CVE-2022-35603 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'searchTxt'.
CVE-2022-35602 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'user'.
CVE-2022-35601 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'searchTxt'.
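Most entries above share one root cause: a request parameter (a search box value such as "searchTxt", a login field such as "users"/"pass", or a filter operand such as the LoopBack `contains` property) is concatenated into a SQL string instead of being bound as a parameter. The following is an added example written for this listing; it is not code from sazanrjb InventoryManagementSystem, LoopBack, or any other project named here. It uses an in-memory SQLite database with constructed tables (`customer`, `users`) and rows, and shows the concatenating search and login patterns beside their parameterized replacements so the effect of the same payload can be compared directly.

```python
import sqlite3

# Added example, not code from any project listed above. The schema and rows
# are constructed sample data chosen to resemble a small inventory application.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (code TEXT, name TEXT, email TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)", [
        ("C001", "Acme Ltd", "acme@example.com"),
        ("C002", "Globex", "globex@example.com"),
    ])
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("admin", "s3cret-hash"),
    ])
    return conn


def search_customers_vulnerable(conn, search_txt):
    """Search-box pattern: the user's text is concatenated into a LIKE clause.

    Anything after a closing quote in search_txt becomes SQL, so a UNION can
    pull rows out of an unrelated table (here: the credentials in users).
    """
    sql = ("SELECT code, name, email FROM customer "
           "WHERE name LIKE '%" + search_txt + "%'")
    return conn.execute(sql).fetchall()


def search_customers_safe(conn, search_txt):
    """Same search with a bound parameter.

    The driver sends the pattern as data, so a quote inside it can never end
    the string literal. LIKE wildcards are escaped as well, so the caller
    cannot widen the match with % or _.
    """
    escaped = (search_txt.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
    sql = "SELECT code, name, email FROM customer WHERE name LIKE ? ESCAPE '\\'"
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


def login_vulnerable(conn, username, password):
    """Login pattern: both fields concatenated.

    A comment sequence in the username removes the password check entirely.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Bound parameters: the username admin' -- is compared literally and
    matches no row. A real application would also store a password hash
    rather than the password; binding fixes only the injection."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "zzz' UNION SELECT username, password, 'pw' FROM users --"
    print(search_customers_vulnerable(db, payload))    # [('admin', 's3cret-hash', 'pw')]
    print(search_customers_safe(db, payload))          # []
    print(login_vulnerable(db, "admin' --", "wrong"))  # ('admin',)
    print(login_safe(db, "admin' --", "wrong"))        # None
```

The UNION payload works against the vulnerable search because the injected SELECT returns the same number of columns as the original; the trailing `--` comments out the `%'` the application appends. The bound version returns nothing for the same input, and a bare `%` search, which returns every row from the concatenating version, matches only a literal percent sign once it is escaped.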