82206 matches found
CVE-2022-38606
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php...
CVE-2022-38130
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file i.e., \\sms,...
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...
CVE-2022-38583
On versions of Sage 300 2017 - 2022 6.4.x - 6.9.x which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the...
CVE-2022-38286
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...
CVE-2022-38283
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...
CVE-2022-38054
In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation...
CVE-2022-23387
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field...
CVE-2022-23694
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2022-23986
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors...
CVE-2022-37111
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php...
CVE-2022-37773
An authenticated SQL Injection vulnerability in the statistics page /statistics/retrieve of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases...
CVE-2022-37787
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31447
An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
CVE-2022-31596
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform Monitoring DB - version 430, can access BOE Monitoring database to retrieve and modify non-personal system data which wou...
CVE-2022-0817
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0619
The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0411
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the postid parameter before using it in a SQL statement via a REST route of the plugin accessible to any authenticated user, leading to a SQL injection...
CVE-2022-26283
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...