Search Results (36993 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-38637 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
CVE-2022-38618 1 Bpcbt 1 Smartvista 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVE-2022-38617 1 Bpcbt 1 Smartvista 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVE-2022-38616 1 Bpcbt 1 Smartvista Front-end 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
CVE-2022-38615 1 Bpcbt 1 Smartvista Front-end 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVE-2022-38610 1 Garage Management System Project 1 Garage Management System 2024-11-21 7.2 High
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.
CVE-2022-38606 1 Garage Management System Project 1 Garage Management System 2024-11-21 7.2 High
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.
CVE-2022-38605 1 Church Management System Project 1 Church Management System 2024-11-21 7.2 High
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.
CVE-2022-38595 1 Church Management System Project 1 Church Management System 2024-11-21 7.2 High
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.
CVE-2022-38594 1 Church Management System Project 1 Church Management System 2024-11-21 7.2 High
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.
CVE-2022-38542 1 Archerydms 1 Archery 2024-11-21 9.8 Critical
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above.
CVE-2022-38541 1 Archerydms 1 Archery 2024-11-21 9.8 Critical
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.
CVE-2022-38540 1 Archerydms 1 Archery 2024-11-21 9.8 Critical
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.
CVE-2022-38539 1 Archerydms 1 Archery 2024-11-21 9.8 Critical
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.
CVE-2022-38538 1 Archerydms 1 Archery 2024-11-21 9.8 Critical
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
CVE-2022-38537 1 Archerydms 1 Archery 2024-11-21 9.8 Critical
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.
CVE-2022-38370 1 Apache 1 Iotdb 2024-11-21 7.5 High
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
CVE-2022-38367 1 Netic 1 User Export For Jira 2024-11-21 5.3 Medium
The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.
CVE-2022-38304 1 Online Leave Management System Project 1 Online Leave Management System 2024-11-21 7.2 High
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.
CVE-2022-38303 1 Online Leave Management System Project 1 Online Leave Management System 2024-11-21 7.2 High
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.