
Tag

#sql

CVE-2022-43127: Cve_report/SQLi-4.md at master · vickysuper/Cve_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.

CVE-2022-43124: Cve_report/SQLi-2.md at master · vickysuper/Cve_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.

CVE-2022-43126: Cve_report/SQLi-1.md at master · vickysuper/Cve_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.

Gentoo Linux Security Advisory 202210-40

Gentoo Linux Security Advisory 202210-40 - Multiple vulnerabilities have been found in SQLite, the worst of which could result in arbitrary code execution. Versions less than 3.39.2 are affected.

CVE-2022-43355: bug_report/SQLi-3.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service.

CVE-2022-43354: bug_report/SQLi-2.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request.

CVE-2022-43353: bug_report/SQLi-1.md at main · daytime888/bug_report

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.

CVE-2022-3059: SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd.

The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Because stacked queries were supported, complex SQL commands could be crafted and injected into the vulnerable parameter, and by using sleep-based inferential SQL injection it was possible to extract data from the database.

CVE-2022-42925: Multiple vulnerabilities in Forma LMS

There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.

CVE-2022-3254

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection.