• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2022-26348

February 23, 2023 by godfreyd94

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.

CVE-2022-26349

February 23, 2023 by godfreyd94

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

CVE-2022-26201

February 23, 2023 by godfreyd94

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.

CVE-2022-26245

February 23, 2023 by godfreyd94

Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.

CVE-2022-26266

February 23, 2023 by godfreyd94

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.

CVE-2022-26268

February 23, 2023 by godfreyd94

Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 891
  • Go to page 892
  • Go to page 893
  • Go to page 894
  • Go to page 895
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE