Total
17403 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23911 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2024-11-21 | 7.2 High |
| The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection | ||||
| CVE-2022-23902 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | ||||
| CVE-2022-23899 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | ||||
| CVE-2022-23898 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | ||||
| CVE-2022-23882 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 9.8 Critical |
| TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. | ||||
| CVE-2022-23873 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 8.8 High |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | ||||
| CVE-2022-23865 | 1 Wecul | 1 Nyron | 2024-11-21 | 9.8 Critical |
| Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter. | ||||
| CVE-2022-23857 | 1 Navidrome | 1 Navidrome | 2024-11-21 | 6.5 Medium |
| model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords). | ||||
| CVE-2022-23797 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. | ||||
| CVE-2022-23387 | 1 Taocms | 1 Taocms | 2024-11-21 | 7.5 High |
| An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. | ||||
| CVE-2022-23380 | 1 Taogogo | 1 Taocms | 2024-11-21 | 8.8 High |
| There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | ||||
| CVE-2022-23379 | 1 Emlog | 1 Emlog | 2024-11-21 | 9.8 Critical |
| Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | ||||
| CVE-2022-23366 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. | ||||
| CVE-2022-23365 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | ||||
| CVE-2022-23364 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | ||||
| CVE-2022-23363 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | ||||
| CVE-2022-23358 | 1 Easycms | 1 Easycms | 2024-11-21 | 9.8 Critical |
| EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | ||||
| CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | ||||
| CVE-2022-23336 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | ||||
| CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | ||||