• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2022-36258

February 23, 2023 by godfreyd94

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as “searchTxt”.

CVE-2022-36259

February 23, 2023 by godfreyd94

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as “username”, “password”, etc.

CVE-2022-36272

February 23, 2023 by godfreyd94

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.

CVE-2022-36161

February 23, 2023 by godfreyd94

Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.

CVE-2022-36030

February 23, 2023 by godfreyd94

Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available.

CVE-2022-35942

February 23, 2023 by godfreyd94

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. A patch was released in version 5.5.1. This affects users who does any of the following: – Connect to the database via the DataSource with `allowExtendedProperties: true` setting OR – Uses the connector’s CRUD methods directly OR – Uses the connector’s other methods to interpret the LoopBack filter. Users who are unable to upgrade should do the following if applicable: – Remove `allowExtendedProperties: true` DataSource setting – Add `allowExtendedProperties: false` DataSource setting – When passing directly to the connector functions, manually sanitize the user input for the `contains` LoopBack filter beforehand.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 773
  • Go to page 774
  • Go to page 775
  • Go to page 776
  • Go to page 777
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE