Total: 15288 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34945 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. | |||||
CVE-2022-34928 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 8.8 HIGH |
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | |||||
CVE-2022-34878 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 9.0 HIGH | 5.5 MEDIUM |
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. | |||||
CVE-2022-34877 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 9.0 HIGH | 6.4 MEDIUM |
SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | |||||
CVE-2022-34876 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 8.5 HIGH | 5.5 MEDIUM |
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | |||||
CVE-2022-34872 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. | |||||
CVE-2022-34871 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A | 7.2 HIGH |
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | |||||
CVE-2022-34700 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 8.8 HIGH |
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | |||||
CVE-2022-34652 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the description parameter. | |||||
CVE-2022-34590 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 7.2 HIGH |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. | |||||
CVE-2022-34588 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 8.8 HIGH |
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php. | |||||
CVE-2022-34586 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 8.8 HIGH |
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php. | |||||
CVE-2022-34557 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 8.8 HIGH |
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php. | |||||
CVE-2022-34265 | 1 Djangoproject | 1 Django | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | |||||
CVE-2022-34132 | 1 Jorani | 1 Jorani | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | |||||
CVE-2022-34114 | 1 Dataease Project | 1 Dataease | 2024-11-21 | N/A | 8.8 HIGH |
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. | |||||
CVE-2022-34042 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 7.2 HIGH |
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php. | |||||
CVE-2022-34023 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php. | |||||
CVE-2022-33965 | 1 Plugins-market | 1 Wp Visitor Statistics | 2024-11-21 | N/A | 9.3 CRITICAL |
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | |||||
CVE-2022-33960 | 1 Supsystic | 1 Social Share Buttons | 2024-11-21 | N/A | 8.5 HIGH |
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. |