Export limit exceeded: 18079 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18079 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25405 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. | ||||
| CVE-2022-25404 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. | ||||
| CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | ||||
| CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2024-11-21 | 9.8 Critical |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | ||||
| CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2024-11-21 | 9.8 Critical |
| Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | ||||
| CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2024-11-21 | 9.8 Critical |
| Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | ||||
| CVE-2022-25394 | 1 Medical Store Management System Project | 1 Medical Store Management System | 2024-11-21 | 9.8 Critical |
| Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | ||||
| CVE-2022-25393 | 1 Simple Bakery Shop Management Project | 1 Simple Bakery Shop Management | 2024-11-21 | 7.5 High |
| Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | ||||
| CVE-2022-25322 | 1 Zerof | 1 Web Server | 2024-11-21 | 9.8 Critical |
| ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | ||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2024-11-21 | 6.5 Medium |
| CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | ||||
| CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2024-11-21 | 7.2 High |
| Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | ||||
| CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 4.3 Medium |
| Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | ||||
| CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 9.8 Critical |
| Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | ||||
| CVE-2022-25148 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 9.8 Critical |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | ||||
| CVE-2022-25125 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | ||||
| CVE-2022-25096 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 9.8 Critical |
| Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | ||||
| CVE-2022-25004 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 9.8 Critical |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. | ||||
| CVE-2022-25003 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 9.8 Critical |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. | ||||
| CVE-2022-24956 | 1 Shopware | 1 B2b Suite | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. | ||||
| CVE-2022-24691 | 1 Dsk | 1 Dsknet | 2024-11-21 | 7.1 High |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. | ||||