Total
15272 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27984 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | |||||
| CVE-2022-27962 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bluecms 1.6 has a SQL injection vulnerability at cooike. | |||||
| CVE-2022-27927 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. | |||||
| CVE-2022-27908 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | |||||
| CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2024-11-21 | N/A | 8.3 HIGH |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2022-27596 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later | |||||
| CVE-2022-27485 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | N/A | 6.5 MEDIUM |
| A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. | |||||
| CVE-2022-27479 | 1 Apache | 1 Superset | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | |||||
| CVE-2022-27473 | 1 Roothub Project | 1 Roothub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | |||||
| CVE-2022-27472 | 1 Roothub Project | 1 Roothub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | |||||
| CVE-2022-27466 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | |||||
| CVE-2022-27434 | 1 Unit4 | 1 Teta | 2024-11-21 | N/A | 9.8 CRITICAL |
| UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. | |||||
| CVE-2022-27423 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | |||||
| CVE-2022-27420 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | |||||
| CVE-2022-27413 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | |||||
| CVE-2022-27412 | 1 Exploreit | 1 Explore Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | |||||
| CVE-2022-27386 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | |||||
| CVE-2022-27385 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27384 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27381 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||