Search Results (36994 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42073 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 7.2 High
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.
CVE-2022-41574 1 Gradle 1 Enterprise 2024-11-21 7.5 High
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2.
CVE-2022-41515 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 7.2 High
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.
CVE-2022-41514 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 7.2 High
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.
CVE-2022-41513 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 7.2 High
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php.
CVE-2022-41378 1 Online Pet Shop We App Project 1 Online Pet Shop We App 2024-11-21 7.2 High
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.
CVE-2022-41377 1 Online Pet Shop We App Project 1 Online Pet Shop We App 2024-11-21 7.2 High
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.
CVE-2022-41355 1 Online Leave Management System Project 1 Online Leave Management System 2024-11-21 7.2 High
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.
CVE-2022-40835 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability
CVE-2022-40834 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40833 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40832 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40831 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40830 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40829 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40826 2 Bcit-ci, Codeigniter 2 Codeigniter, Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40825 1 Codeigniter 1 Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40824 2 Bcit-ci, Codeigniter 2 Codeigniter, Codeigniter 2024-11-21 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-40766 1 Moderncampus 1 Omni Cms 2024-11-21 9.8 Critical
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.
CVE-2022-40682 1 Fortinet 1 Forticlient 2024-11-21 7.1 High
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.