
Tag

#sql

CVE-2022-0573: JFrog Security Advisories - JFrog

JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data, which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user, due to insufficient validation of a user-provided serialized object.

CVE
#sql #vulnerability #rce #oauth #auth
CVE-2022-1182

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated user (such as a subscriber), leading to SQL injections.

CVE-2022-30777: H-Sphere

Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.

HighCMS/HighPortal 12.x SQL Injection

HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.

CVE-2022-30012: GitHub - kabirkhyrul/hms at 1.0

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.

CVE-2022-28930: SQL injection vulnerability exists in ERP-Pro system · Issue #I515R4 · Skyeye云系列/erp-pro - Gitee.com

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.

CVE-2022-28929: vulnerabilitys/HMS at main · cyberhomeless/vulnerabilitys

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.