Export limit exceeded: 19351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19351 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23873 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 8.8 High |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | ||||
| CVE-2022-23865 | 1 Wecul | 1 Nyron | 2024-11-21 | 9.8 Critical |
| Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter. | ||||
| CVE-2022-23857 | 1 Navidrome | 1 Navidrome | 2024-11-21 | 6.5 Medium |
| model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords). | ||||
| CVE-2022-23387 | 1 Taocms | 1 Taocms | 2024-11-21 | 7.5 High |
| An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. | ||||
| CVE-2022-23380 | 1 Taogogo | 1 Taocms | 2024-11-21 | 8.8 High |
| There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | ||||
| CVE-2022-23379 | 1 Emlog | 1 Emlog | 2024-11-21 | 9.8 Critical |
| Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | ||||
| CVE-2022-23366 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. | ||||
| CVE-2022-23365 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | ||||
| CVE-2022-23364 | 1 Hms Project | 1 Hms | 2024-11-21 | 9.8 Critical |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | ||||
| CVE-2022-23363 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | ||||
| CVE-2022-23358 | 1 Easycms | 1 Easycms | 2024-11-21 | 9.8 Critical |
| EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | ||||
| CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | ||||
| CVE-2022-23336 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | ||||
| CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | ||||
| CVE-2022-23314 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | ||||
| CVE-2022-23169 | 1 Amodat | 1 Mobile Application Gateway | 2024-11-21 | 5.9 Medium |
| attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel. | ||||
| CVE-2022-23168 | 1 Amodat | 1 Mobile Application Gateway | 2024-11-21 | 5.9 Medium |
| The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'-- | ||||
| CVE-2022-23046 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.2 High |
| PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | ||||
| CVE-2022-22897 | 1 Apollotheme | 1 Ap Pagebuilder | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. | ||||
| CVE-2022-22881 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | ||||