Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31978 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | |||||
| CVE-2022-31977 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | |||||
| CVE-2022-31957 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. | |||||
| CVE-2022-31956 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. | |||||
| CVE-2022-31328 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | |||||
| CVE-2022-31953 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. | |||||
| CVE-2022-31329 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | |||||
| CVE-2022-31336 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | |||||
| CVE-2022-31335 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | |||||
| CVE-2022-31338 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | |||||
| CVE-2022-31337 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | |||||
| CVE-2022-31965 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | |||||
| CVE-2022-31340 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | |||||
| CVE-2022-31964 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. | |||||
| CVE-2022-31962 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. | |||||
| CVE-2022-31961 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. | |||||
| CVE-2022-31344 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-31343 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | |||||
| CVE-2022-31345 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-31346 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | |||||
| CVE-2022-31347 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | |||||
| CVE-2022-31348 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | |||||
| CVE-2022-31351 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | |||||
| CVE-2022-31350 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | |||||
| CVE-2022-31352 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | |||||
| CVE-2022-31353 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | |||||
| CVE-2022-31354 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | |||||
| CVE-2022-31327 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=. | |||||
| CVE-2022-31969 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-30495 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) | |||||
| CVE-2022-30808 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | |||||
| CVE-2022-30809 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | |||||
| CVE-2022-30817 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | |||||
| CVE-2022-30816 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. | |||||
| CVE-2022-29730 | 1 Usr | 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more | 2022-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | |||||
| CVE-2016-1000027 | 1 Vmware | 1 Spring Framework | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. | |||||
| CVE-2022-30815 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | |||||
| CVE-2022-30814 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | |||||
| CVE-2022-30813 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | |||||
| CVE-2022-30810 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | |||||
| CVE-2022-30423 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | |||||
| CVE-2022-30352 | 1 Phpabook Project | 1 Phpabook | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | |||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | |||||
| CVE-2022-29659 | 1 Responsive Online Blog Project | 1 Responsive Online Blog | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | |||||
| CVE-2022-29712 | 1 Librenms | 1 Librenms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | |||||
| CVE-2022-1660 | 1 Keysight | 4 N6841a Rf, N6841a Rf Firmware, N6854a and 1 more | 2022-06-09 | 10.0 HIGH | 9.8 CRITICAL |
| The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-29155 | 1 Openldap | 1 Openldap | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | |||||
| CVE-2022-28346 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | |||||
| CVE-2021-34079 | 1 Docker-tester Project | 1 Docker-tester | 2022-06-09 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. | |||||
| CVE-2021-34080 | 1 Ssl-utils Project | 1 Ssl-utils | 2022-06-09 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | |||||