Total
18439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25811 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | 7.2 High |
| The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection | ||||
| CVE-2022-25517 | 1 Baomidou | 1 Mybatis-plus | 2024-11-21 | 9.8 Critical |
| MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior. | ||||
| CVE-2022-25506 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 6.5 Medium |
| FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. | ||||
| CVE-2022-25505 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.8 Critical |
| Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | ||||
| CVE-2022-25494 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. | ||||
| CVE-2022-25492 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | ||||
| CVE-2022-25491 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | ||||
| CVE-2022-25490 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | ||||
| CVE-2022-25488 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 9.8 Critical |
| Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | ||||
| CVE-2022-25406 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. | ||||
| CVE-2022-25405 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. | ||||
| CVE-2022-25404 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 9.8 Critical |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. | ||||
| CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | ||||
| CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2024-11-21 | 9.8 Critical |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | ||||
| CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2024-11-21 | 9.8 Critical |
| Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | ||||
| CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2024-11-21 | 9.8 Critical |
| Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | ||||
| CVE-2022-25394 | 1 Medical Store Management System Project | 1 Medical Store Management System | 2024-11-21 | 9.8 Critical |
| Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | ||||
| CVE-2022-25393 | 1 Simple Bakery Shop Management Project | 1 Simple Bakery Shop Management | 2024-11-21 | 7.5 High |
| Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | ||||
| CVE-2022-25322 | 1 Zerof | 1 Web Server | 2024-11-21 | 9.8 Critical |
| ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | ||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2024-11-21 | 6.5 Medium |
| CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | ||||