CWE-89

CVE-2022-46966

February 23, 2023 by godfreyd94

Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.

CVE-2022-46999

February 23, 2023 by godfreyd94

Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component AppManageControllerUserController.class.php.

Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.

CVE-2022-46946

February 23, 2023 by godfreyd94

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.

CVE-2022-46947

February 23, 2023 by godfreyd94

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

CVE-2022-46763

February 23, 2023 by godfreyd94

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.