Export limit exceeded: 18909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48590 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48589 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48588 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48587 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48586 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48585 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-47614 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | 7.5 High |
| Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions. | ||||
| CVE-2022-47586 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2024-11-21 | 8.2 High |
| Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions. | ||||
| CVE-2022-47532 | 1 Filerun | 1 Filerun | 2024-11-21 | 9.8 Critical |
| FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request. | ||||
| CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-11-21 | 9.8 Critical |
| Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | ||||
| CVE-2022-44117 | 1 Boa | 1 Boa | 2024-11-21 | 9.8 Critical |
| Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL. | ||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 8.8 High |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | 8.8 High |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | ||||
| CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 7.2 High |
| LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | ||||
| CVE-2022-43262 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | 9.8 Critical |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | ||||
| CVE-2022-42304 | 1 Veritas | 1 Netbackup | 2024-11-21 | 8 High |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | ||||
| CVE-2022-42303 | 1 Veritas | 1 Netbackup | 2024-11-21 | 8 High |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | ||||
| CVE-2022-42302 | 1 Veritas | 1 Netbackup | 2024-11-21 | 9 Critical |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | ||||
| CVE-2022-42250 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. | ||||
| CVE-2022-42249 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | ||||