Total
17403 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24407 | 6 Cyrusimap, Debian, Fedoraproject and 3 more | 14 Cyrus-sasl, Debian Linux, Fedora and 11 more | 2024-11-21 | 8.8 High |
| In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | ||||
| CVE-2022-24391 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 8.8 High |
| Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | ||||
| CVE-2022-24266 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | ||||
| CVE-2022-24265 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | ||||
| CVE-2022-24264 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | ||||
| CVE-2022-24263 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | ||||
| CVE-2022-24260 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | ||||
| CVE-2022-24240 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 9.8 Critical |
| ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | ||||
| CVE-2022-24231 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2024-11-21 | 9.8 Critical |
| Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. | ||||
| CVE-2022-24226 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. | ||||
| CVE-2022-24223 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 9.8 Critical |
| AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. | ||||
| CVE-2022-24222 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 9.8 Critical |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. | ||||
| CVE-2022-24221 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 9.8 Critical |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | ||||
| CVE-2022-24220 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 9.8 Critical |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. | ||||
| CVE-2022-24219 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 9.8 Critical |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | ||||
| CVE-2022-24206 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | ||||
| CVE-2022-24124 | 1 Casbin | 1 Casdoor | 2024-11-21 | 7.5 High |
| The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | ||||
| CVE-2022-24121 | 2 Centos, Unifiedoffice | 2 Centos, Total Connect Now | 2024-11-21 | 7.5 High |
| SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | ||||
| CVE-2022-23986 | 1 Phpuploader Project | 1 Phpuploader | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. | ||||
| CVE-2022-23972 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database. | ||||