CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2022-28036: AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php | CVSS 9.8 | Thedigitalcraft | Exploit | - | |
CVE-2022-28035: Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php | CVSS 9.8 | Thedigitalcraft | Exploit | - | |
CVE-2022-28034: AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php | CVSS 9.8 | Thedigitalcraft | Exploit | - | |
CVE-2022-28033: Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php | CVSS 9.8 | Thedigitalcraft | Exploit | - | |
CVE-2022-28032: AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php | CVSS 9.8 | Thedigitalcraft | Exploit | - | |
CVE-2022-28030: Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate. | CVSS 9.8 | Simple real estate portal system project | Exploit | - | |
CVE-2022-2803: A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability. | CVSS 9.8 | Phpgurukul | Exploit | - | |
CVE-2022-28029: Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type. | CVSS 9.8 | Simple real estate portal system project | Exploit | - | |
CVE-2022-28028: Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity. | CVSS 9.8 | Simple real estate portal system project | Exploit | - | |
CVE-2022-28026: Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=. | CVSS 9.8 | Student grading system project | Exploit | - | |
CVE-2022-28025: Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year. | CVSS 9.8 | Student grading system project | Exploit | - | |
CVE-2022-28024: Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade. | CVSS 9.8 | Student grading system project | Exploit | - | |
CVE-2022-28023: Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier. | CVSS 9.8 | Purchase order management system project | Exploit | - | |
CVE-2022-28022: Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item. | CVSS 9.8 | Purchase order management system project | Exploit | - | |
CVE-2022-28021: Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. | CVSS 9.8 | Purchase order management system project | Exploit | - | |
CVE-2022-2802: A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code of the file gasmark/login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206248. | CVSS 9.8 | Gas agency management system project | - | - | |
CVE-2022-2801: A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown part of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206247. | CVSS 9.8 | Automated beer parlour billing system project | - | - | |
CVE-2022-28005: An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | CVSS 9.8 | 3cx | - | Patched | |
CVE-2022-28001: Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | CVSS 9.8 | Movie seat reservation project | Exploit | - | |
CVE-2022-27985: CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | CVSS 9.8 | Cuppacms | Exploit | - | |
CVE-2022-27984: CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | CVSS 9.8 | Cuppacms | Exploit | - | |
CVE-2022-27982: RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. | CVSS 9.8 | Ruijienetworks | - | - | |
CVE-2022-2797: A vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-206245 was assigned to this vulnerability. | CVSS 9.8 | Student information system project | - | - | |
CVE-2022-27962: Bluecms 1.6 has a SQL injection vulnerability at cookie. | CVSS 9.8 | Bluecms project | Exploit | - | |
CVE-2022-27952: An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | CVSS 9.8 | Payloadcms | Exploit | Patched | |
CVE-2022-27927: A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. | CVSS 9.8 | Microfinance management system project | Exploit | - | |
CVE-2022-27919: Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | CVSS 9.8 | Gradle | - | Patched | |
CVE-2022-27889: The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. | CVSS 9.1 | Palantir | - | - | |
CVE-2022-27862: Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | CVSS 9.8 | Vikwp | - | Patched | |
CVE-2022-27858: CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | CVSS 9.8 | Activity log project | - | - | |
CVE-2022-2782: In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | CVSS 9.1 | Octopus | - | Patched | |
CVE-2022-27818: SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | CVSS 9.1 | Waycrate | - | Patched | |
CVE-2022-27811: GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | CVSS 9.8 | Gnome | Exploit | Patched | |
CVE-2022-27805: An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. | CVSS 9.8 | Goabode | - | - | |
CVE-2022-27804: An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | CVSS 9.8 | Goabode | Exploit | - | |
CVE-2022-2779: A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability. | CVSS 9.8 | Gas agency management system project | Exploit | - | |
CVE-2022-2778: In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | CVSS 9.8 | Octopus | - | Patched | |
CVE-2022-27773: A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | CVSS 9.8 | Ivanti | - | Patched | |
CVE-2022-2774: A vulnerability was found in SourceCodester Library Management System. It has been declared as critical. This vulnerability affects unknown code of the file librarian/student.php. The manipulation of the argument title leads to sql injection. The attack can be initiated remotely. VDB-206170 is the identifier assigned to this vulnerability. | CVSS 9.8 | Library management system project | - | - | |
CVE-2022-2772: A vulnerability was found in SourceCodester Apartment Visitor Management System and classified as critical. Affected by this issue is some unknown functionality of the file action-visitor.php. The manipulation of the argument editid/remark leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-206168. | CVSS 9.8 | Apartment visitors management system project | - | - | |
CVE-2022-2771: A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Affected by this vulnerability is an unknown functionality of the file /obs/bookPerPub.php. The manipulation of the argument bookisbn leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-206167. | CVSS 9.8 | Simple online book store system project | - | - | |
CVE-2022-2770: A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is the identifier assigned to this vulnerability. | CVSS 9.8 | Simple online book store system project | - | - | |
CVE-2022-27668: Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, which could highly impact system availability. | CVSS 9.8 | Sap | Exploit | Patched | |
CVE-2022-2766: A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability. | CVSS 9.8 | Loan management system project | Exploit | - | |
CVE-2022-2765: A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206161 was assigned to this vulnerability. | CVSS 9.8 | Company website cms project | Exploit | - | |
CVE-2022-27631: A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | CVSS 9.8 | Dd-wrt | Exploit | - | |
CVE-2022-27625: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | CVSS 9.8 | Synology | - | Patched | |
CVE-2022-27624: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | CVSS 9.8 | Synology | - | Patched | |
CVE-2022-27623: Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | CVSS 9.1 | Synology, et al | - | Patched | |
CVE-2022-27612: Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | CVSS 9.8 | Synology | - | Patched | |
CVE-2022-27596: A vulnerability has been reported to affect QNAP devices running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later; QTS 5.0.1.2234 build 20221201 and later. | CVSS 9.8 | Qnap | - | Patched | |
CVE-2022-27593: An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later; QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later; QTS 4.3.6: Photo Station 5.7.18 and later; QTS 4.3.3: Photo Station 5.4.15 and later; QTS 4.2.6: Photo Station 5.2.14 and later. | CVSS 9.1 | Sophos, et al | Exploit | Patched | |
CVE-2022-27588: We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later. | CVSS 9.8 | Qnap | - | Patched | |
CVE-2022-27586: Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affects the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal). | CVSS 9.8 | Sick | - | Patched | |
CVE-2022-27585: Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affects the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal). | CVSS 9.8 | Sick | - | Patched | |
CVE-2022-27584: Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affects the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. | CVSS 9.8 | Sick | - | Patched | |
CVE-2022-27583: A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | CVSS 9.1 | Sick | - | Patched | |
CVE-2022-27582: Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affects the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. | CVSS 9.8 | Sick | - | Patched | |
CVE-2022-27577: The vulnerability in the MSC800 in all versions before 4.15 allows an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. | CVSS 9.1 | Sick | - | Patched | |
CVE-2022-27572: Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | CVSS 9.8 | - | - | Patched | |
CVE-2022-27571: Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | CVSS 9.8 | - | - | Patched | |
CVE-2022-27570: Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | CVSS 9.8 | - | - | Patched | |
CVE-2022-2757: Due to the lack of adequately implemented access-control rules, all versions of Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver. | CVSS 9.1 | Kingspan | - | - | |
CVE-2022-27569: Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | CVSS 9.8 | - | - | Patched | |
CVE-2022-27568: Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | CVSS 9.8 | - | - | Patched | |
CVE-2022-27567: Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | CVSS 9.8 | - | - | Patched | |
CVE-2022-2754: The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks. | CVSS 9.8 | Ketchup restaurant reservations project | Exploit | - | |
CVE-2022-27534: Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | CVSS 9.8 | Kaspersky | - | - | |
CVE-2022-27518: Unauthenticated remote arbitrary code execution | CVSS 9.8 | Citrix | Exploit | Patched | |
CVE-2022-27516: User login brute force protection functionality bypass | CVSS 9.8 | Citrix | - | Patched | |
CVE-2022-27513: Remote desktop takeover via phishing | CVSS 9.6 | Citrix | - | Patched | |
CVE-2022-27510: Unauthorized access to Gateway user capabilities | CVSS 9.8 | Citrix | Exploit | Patched | |
CVE-2022-2751: A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. | CVSS 9.8 | Company website cms project | - | - | |
CVE-2022-2750: A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability. | CVSS 9.8 | Company website cms project | - | - | |
CVE-2022-27479: Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | CVSS 9.8 | Apache | - | - | |
CVE-2022-27477: Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | CVSS 9.8 | Newbee-mall project | Exploit | - | |
CVE-2022-27473: SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | CVSS 9.8 | - | Exploit | - | |
CVE-2022-27472: SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | CVSS 9.8 | - | Exploit | - | |
CVE-2022-2747: A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-206015. | CVSS 9.8 | Simple online book store system project | - | - | |
CVE-2022-27469: Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | CVSS 9.8 | Monstaftp | Exploit | - | |
CVE-2022-27468: Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | CVSS 9.8 | Monstaftp | Exploit | - | |
CVE-2022-27466: MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | CVSS 9.8 | Mingsoft | Exploit | - | |
CVE-2022-2746: A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability. | CVSS 9.8 | Simple online book store system project | - | - | |
CVE-2022-2745: A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file /admin/add_trainers.php of the component Add New Trainer. The manipulation of the argument trainer_name leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-206013 was assigned to this vulnerability. | CVSS 9.8 | Gym management system project | - | - | |
CVE-2022-2744: A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012. | CVSS 9.8 | Gym management system project | - | - | |
CVE-2022-27434: UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. | CVSS 9.8 | Unit4 | Exploit | Patched | |
CVE-2022-27431: Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | CVSS 9.8 | Wuzhicms | Exploit | - | |
CVE-2022-27429: Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | CVSS 9.8 | Jizhicms | Exploit | - | |
CVE-2022-27423: Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | CVSS 9.8 | Chamilo | - | Patched | |
CVE-2022-27420: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | CVSS 9.8 | Hospital management system project | Exploit | - | |
CVE-2022-27413: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | CVSS 9.8 | Hospital management system project | Exploit | - | |
CVE-2022-27412: Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | CVSS 9.8 | Exploreit | Exploit | Patched | |
CVE-2022-27411: TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. | CVSS 9.8 | Totolink | Exploit | - | |
CVE-2022-27404: FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | CVSS 9.8 | Fedoraproject, et al | Exploit | Patched | |
CVE-2022-2740: A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability. | CVSS 9.8 | Company website cms project | - | - | |
CVE-2022-27360: SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | CVSS 9.8 | Bladex | Exploit | - | |
CVE-2022-2736: A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-205881 was assigned to this vulnerability. | CVSS 9.8 | Company website cms project | - | - | |
CVE-2022-27357: Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | CVSS 9.8 | Ecommerce-website project | Exploit | - | |
CVE-2022-27351: Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | CVSS 9.8 | Phpgurukul | Exploit | - | |
CVE-2022-27342: Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). | CVSS 9.8 | Link-admin project | Exploit | - | |