Total: 15270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24223 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. | |||||
CVE-2022-24222 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. | |||||
CVE-2022-24221 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | |||||
CVE-2022-24220 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. | |||||
CVE-2022-24219 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | |||||
CVE-2022-24206 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | |||||
CVE-2022-24124 | 1 Casbin | 1 Casdoor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | |||||
CVE-2022-24121 | 2 Centos, Unifiedoffice | 2 Centos, Total Connect Now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | |||||
CVE-2022-23986 | 1 Phpuploader Project | 1 Phpuploader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. | |||||
CVE-2022-23972 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database. | |||||
CVE-2022-23911 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection | |||||
CVE-2022-23902 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | |||||
CVE-2022-23899 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | |||||
CVE-2022-23898 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | |||||
CVE-2022-23882 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. | |||||
CVE-2022-23873 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | |||||
CVE-2022-23865 | 1 Wecul | 1 Nyron | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter. | |||||
CVE-2022-23857 | 1 Navidrome | 1 Navidrome | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords). | |||||
CVE-2022-23797 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection. | |||||
CVE-2022-23510 | 1 Cube | 1 Cube.js | 2024-11-21 | N/A | 9.6 CRITICAL |
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. |