Search Results (36960 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30393 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 7.2 High
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=.
CVE-2022-30392 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.
CVE-2022-30391 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category.
CVE-2022-30387 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
CVE-2022-30386 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.
CVE-2022-30385 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.
CVE-2022-30384 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.
CVE-2022-30379 1 Simple Social Networking Site Project 1 Simple Social Networking Site 2024-11-21 7.2 High
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=.
CVE-2022-30378 1 Simple Social Networking Site Project 1 Simple Social Networking Site 2024-11-21 7.2 High
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=.
CVE-2022-30376 1 Simple Social Networking Site Project 1 Simple Social Networking Site 2024-11-21 7.2 High
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=.
CVE-2022-30374 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.
CVE-2022-30373 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.
CVE-2022-30372 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.
CVE-2022-30371 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.
CVE-2022-30370 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 9.8 Critical
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.
CVE-2022-30352 1 Phpabook Project 1 Phpabook 2024-11-21 9.8 Critical
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in the index.php script.
CVE-2022-30335 1 Wealth 1 Bonanza Wealth Management System 2024-11-21 9.8 Critical
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.
CVE-2022-30311 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 9.8 Critical
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30310 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 9.8 Critical
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30309 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 9.8 Critical
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.