Total
17777 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31343 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | |||||
| CVE-2022-31340 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | |||||
| CVE-2022-31339 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | |||||
| CVE-2022-31338 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | |||||
| CVE-2022-31337 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | |||||
| CVE-2022-31336 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | |||||
| CVE-2022-31335 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | |||||
| CVE-2022-31329 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | |||||
| CVE-2022-31328 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | |||||
| CVE-2022-31327 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=. | |||||
| CVE-2022-31325 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. | |||||
| CVE-2022-31296 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. | |||||
| CVE-2022-31181 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. | |||||
| CVE-2022-31101 | 1 Prestashop | 1 Blockwishlist | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31092 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue. | |||||
| CVE-2022-31082 | 1 Glpi-project | 1 Glpi Inventory | 2024-11-21 | 7.5 HIGH | 5.8 MEDIUM |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | |||||
| CVE-2022-31061 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2022-31058 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. | |||||
| CVE-2022-31056 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. | |||||
| CVE-2022-30998 | 1 Homepage Product Organizer For Woocommerce Project | 1 Homepage Product Organizer For Woocommerce | 2024-11-21 | N/A | 9.1 CRITICAL |
| Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. | |||||