• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2022-3925

February 23, 2023 by godfreyd94

The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

CVE-2022-3915

February 23, 2023 by godfreyd94

The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

CVE-2022-39179

February 23, 2023 by godfreyd94

College Management System v1.0 – Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.

CVE-2022-39180

February 23, 2023 by godfreyd94

College Management System v1.0 – SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page.

CVE-2022-39041

February 23, 2023 by godfreyd94

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.

CVE-2022-39056

February 23, 2023 by godfreyd94

RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 741
  • Go to page 742
  • Go to page 743
  • Go to page 744
  • Go to page 745
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE