Search Results (36978 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31383 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
CVE-2022-31382 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.
CVE-2022-31361 1 Docebo 1 Docebo 2024-11-21 9.8 Critical
Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2022-31357 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.
CVE-2022-31356 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.
CVE-2022-31355 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.
CVE-2022-31340 1 Simple Inventory System Project 1 Simple Inventory System 2024-11-21 9.8 Critical
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
CVE-2022-31339 1 Simple Inventory System Project 1 Simple Inventory System 2024-11-21 7.2 High
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.
CVE-2022-31338 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
CVE-2022-31337 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.
CVE-2022-31336 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.
CVE-2022-31335 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.
CVE-2022-31329 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.
CVE-2022-31328 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.
CVE-2022-31327 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.
CVE-2022-31325 1 Churchcrm 1 Churchcrm 2024-11-21 7.2 High
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
CVE-2022-31296 1 Online Discussion Forum Project 1 Online Discussion Forum 2024-11-21 9.8 Critical
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.
CVE-2022-31252 2 Opensuse, Suse 3 Leap, Leap Micro, Linux Enterprise Server 2024-11-21 4.4 Medium
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
CVE-2022-31246 2 Electrum, Microsoft 2 Electrum, Windows 2024-11-21 5.5 Medium
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.
CVE-2022-30959 1 Jenkins 1 Ssh 2024-11-21 6.5 Medium
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.