CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-31990 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31989 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32002 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28660 The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31978 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31977 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31976 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31969 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31965 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31964 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31962 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31961 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28531 Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28995 Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31959 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31957 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31956 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31953 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31952 Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31948 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31946 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22972 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may b... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28618 A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31799 Bottle before 0.12.20 mishandles errors during early request binding. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31951 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31340 Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31338 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31336 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31335 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31329 Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31328 Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31327 Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23799 An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1775 Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30817 Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30808 elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30797 Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30521 The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30512 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30511 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30510 School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30490 Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30481 Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30478 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30470 In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1813 OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30423 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31259 The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in va... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31267 Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30352 phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.