Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31393 1 Jizhicms 1 Jizhicms 2024-11-21 9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-31390 1 Jizhicms 1 Jizhicms 2024-11-21 9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-31386 1 Nbnbk Project 1 Nbnbk 2024-11-21 9.1 Critical
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.
CVE-2022-31384 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.
CVE-2022-31383 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
CVE-2022-31382 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.
CVE-2022-31374 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.
CVE-2022-31373 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 6.1 Medium
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
CVE-2022-31372 1 Wiris 1 Mathtype 2024-11-21 7.5 High
Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler.
CVE-2022-31362 1 Docebo 1 Docebo 2024-11-21 8.8 High
Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2022-31361 1 Docebo 1 Docebo 2024-11-21 9.8 Critical
Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2022-31357 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.
CVE-2022-31356 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.
CVE-2022-31355 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.
CVE-2022-31340 1 Simple Inventory System Project 1 Simple Inventory System 2024-11-21 9.8 Critical
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
CVE-2022-31339 1 Simple Inventory System Project 1 Simple Inventory System 2024-11-21 7.2 High
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.
CVE-2022-31338 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
CVE-2022-31337 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.
CVE-2022-31336 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.
CVE-2022-31335 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.