Export limit exceeded: 352342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19071 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19071 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23364 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | ||||
| CVE-2022-23363 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | ||||
| CVE-2022-23358 | 1 Easycms | 1 Easycms | 2024-11-21 | 9.8 Critical |
| EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | ||||
| CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | ||||
| CVE-2022-23336 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | ||||
| CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | ||||
| CVE-2022-23314 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | ||||
| CVE-2022-23169 | 1 Amodat | 1 Mobile Application Gateway | 2024-11-21 | 5.9 Medium |
| attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel. | ||||
| CVE-2022-23168 | 1 Amodat | 1 Mobile Application Gateway | 2024-11-21 | 5.9 Medium |
| The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'-- | ||||
| CVE-2022-23046 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.2 High |
| PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | ||||
| CVE-2022-22897 | 1 Apollotheme | 1 Ap Pagebuilder | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. | ||||
| CVE-2022-22881 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | ||||
| CVE-2022-22880 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. | ||||
| CVE-2022-22794 | 1 Cybonet | 1 Pineapp Mail Secure | 2024-11-21 | 6.8 Medium |
| Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner. | ||||
| CVE-2022-22735 | 1 Sedlex | 1 Simple Quotation | 2024-11-21 | 8.8 High |
| The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks | ||||
| CVE-2022-22540 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 7.5 High |
| SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. | ||||
| CVE-2022-22495 | 1 Ibm | 1 I | 2024-11-21 | 8.8 High |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. | ||||
| CVE-2022-22463 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 6.5 Medium |
| IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. | ||||
| CVE-2022-22413 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 9.8 Critical |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022. | ||||
| CVE-2022-22389 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. | ||||