Search Results (36952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27134 1 B1 1 Eosio Batdappboomx 2024-11-21 7.5 High
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.
CVE-2022-27127 1 Zbzcms 1 Zbzcms 2024-11-21 6.5 Medium
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.
CVE-2022-27126 1 Zbzcms 1 Zbzcms 2024-11-21 9.8 Critical
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.
CVE-2022-27123 1 Employee Performance Evaluation Project 1 Employee Performance Evaluation 2024-11-21 9.8 Critical
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
CVE-2022-27104 1 Formalms 1 Formalms 2024-11-21 9.8 Critical
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
CVE-2022-27055 1 Ecjia 1 Daojia 2024-11-21 7.5 High
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)
CVE-2022-27041 1 Os4ed 1 Opensis 2024-11-21 7.5 High
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
CVE-2022-26986 1 Impresscms 1 Impresscms 2024-11-21 7.2 High
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
CVE-2022-26959 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 10 Critical
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.
CVE-2022-26942 1 Motorola 5 Mtm5000 Series Firmware, Mtm5400, Mtm5400 Firmware and 2 more 2024-11-21 8.2 High
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.
CVE-2022-26676 1 Aenrich 1 A\+hrd 2024-11-21 9.8 Critical
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.
CVE-2022-26669 1 Asus 1 Control Center 2024-11-21 8.8 High
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
CVE-2022-26668 1 Asus 1 Control Center 2024-11-21 7.3 High
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
CVE-2022-26651 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2024-11-21 9.8 Critical
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
CVE-2022-26633 1 Simple Student Quarterly Result\/grade System Project 1 Simple Student Quarterly Result\/grade System 2024-11-21 9.8 Critical
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
CVE-2022-26632 1 Multi-vendor Online Groceries Management System Project 1 Multi-vendor Online Groceries Management System 2024-11-21 9.8 Critical
Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
CVE-2022-26631 1 Automatic Question Paper Generator Project 1 Automatic Question Paper Generator 2024-11-21 9.8 Critical
Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter.
CVE-2022-26629 3 Linux, Microsoft, Splus 3 Linux Kernel, Windows, Soroushplus 2024-11-21 9.1 Critical
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.
CVE-2022-26628 1 Matrimony Project 1 Matrimony 2024-11-21 9.8 Critical
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.
CVE-2022-26613 1 Php-cms Project 1 Php-cms 2024-11-21 9.8 Critical
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.