• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2022-2718

February 23, 2023 by godfreyd94

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2022-2722

February 23, 2023 by godfreyd94

A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205835.

CVE-2022-2723

February 23, 2023 by godfreyd94

A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836.

CVE-2022-27104

February 23, 2023 by godfreyd94

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.

CVE-2022-27123

February 23, 2023 by godfreyd94

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.

CVE-2022-27124

February 23, 2023 by godfreyd94

Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 881
  • Go to page 882
  • Go to page 883
  • Go to page 884
  • Go to page 885
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE