Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36669 1 Hospital Information System Project 1 Hospital Information System 2024-11-21 9.8 Critical
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVE-2022-36642 1 Telosalliance 2 Omnia Mpx Node, Omnia Mpx Node Firmware 2024-11-21 9.8 Critical
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.
CVE-2022-36636 1 Garage Management System Project 1 Garage Management System 2024-11-21 8.8 High
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
CVE-2022-36635 1 Zkteco 1 Zkbiosecurity V5000 2024-11-21 8.8 High
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.
CVE-2022-36634 1 Zkteco 1 Zkbiosecurity V5000 2024-11-21 8.8 High
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.
CVE-2022-36609 1 Oretnom23 1 Clinic\'s Patient Management System 2024-11-21 9.8 Critical
Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.
CVE-2022-36606 1 Yimihome 1 Ywoa 2024-11-21 9.8 Critical
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
CVE-2022-36605 1 Yimihome 1 Ywoa 2024-11-21 9.8 Critical
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.
CVE-2022-36599 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
CVE-2022-36594 1 Mybatis 1 Mapper 2024-11-21 9.8 Critical
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
CVE-2022-36581 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 7.5 High
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.
CVE-2022-36578 1 Jizhicms 1 Jizhicms 2024-11-21 9.8 Critical
jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-36529 1 Kensite Cms Project 1 Kensite Cms 2024-11-21 8.8 High
Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.
CVE-2022-36322 1 Jetbrains 1 Teamcity 2024-11-21 5.4 Medium
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
CVE-2022-36276 1 Tcman 1 Gim 2024-11-21 9.9 Critical
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.
CVE-2022-36272 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
CVE-2022-36259 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 7.5 High
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
CVE-2022-36258 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 7.5 High
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVE-2022-36257 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 7.5 High
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
CVE-2022-36256 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 7.5 High
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".