Total
15276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31344 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-31343 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | |||||
| CVE-2022-31340 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | |||||
| CVE-2022-31339 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | |||||
| CVE-2022-31338 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | |||||
| CVE-2022-31337 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | |||||
| CVE-2022-31336 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | |||||
| CVE-2022-31335 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | |||||
| CVE-2022-31329 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | |||||
| CVE-2022-31328 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | |||||
| CVE-2022-31327 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=. | |||||
| CVE-2022-31325 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. | |||||
| CVE-2022-31296 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. | |||||
| CVE-2022-31197 | 3 Debian, Fedoraproject, Postgresql | 3 Debian Linux, Fedora, Postgresql Jdbc Driver | 2024-11-21 | N/A | 7.1 HIGH |
| PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31181 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. | |||||
| CVE-2022-31101 | 1 Prestashop | 1 Blockwishlist | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31092 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue. | |||||
| CVE-2022-31082 | 1 Glpi-project | 1 Glpi Inventory | 2024-11-21 | 7.5 HIGH | 5.8 MEDIUM |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | |||||
| CVE-2022-31061 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2022-31058 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. | |||||