The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-30411 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30412 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30413 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | HIGH | May 13, 2022 | n/a |
CVE-2022-30414 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30415 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30417 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30421 | An Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module. | -- | Jan 31, 2023 | n/a |
CVE-2022-30422 | Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. | HIGH | Jun 17, 2022 | n/a |
CVE-2022-30423 | Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30425 | Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30426 | There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir. | -- | Sep 23, 2022 | n/a |
CVE-2022-30427 | In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. | MEDIUM | May 25, 2022 | n/a |
CVE-2022-30428 | In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | MEDIUM | May 25, 2022 | n/a |
CVE-2022-30429 | Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. | LOW | Jun 3, 2022 | n/a |
CVE-2022-30448 | Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | HIGH | May 12, 2022 | n/a |
CVE-2022-30449 | Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. | HIGH | May 12, 2022 | n/a |
CVE-2022-30450 | A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | HIGH | May 12, 2022 | n/a |
CVE-2022-30451 | An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. | MEDIUM | May 12, 2022 | n/a |
CVE-2022-30452 | ShopWind <= v3.4.2 has a SQL injection vulnerability in Database.php | MEDIUM | May 11, 2022 | n/a |
CVE-2022-30453 | ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | HIGH | May 11, 2022 | n/a |
CVE-2022-30454 | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | HIGH | May 28, 2022 | n/a |
CVE-2022-30455 | Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | HIGH | May 28, 2022 | n/a |
CVE-2022-30456 | Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | LOW | May 28, 2022 | n/a |
CVE-2022-30457 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2022-30458 | Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | LOW | May 28, 2022 | n/a |
CVE-2022-30459 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | MEDIUM | May 28, 2022 | n/a |
CVE-2022-30460 | Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | LOW | May 28, 2022 | n/a |
CVE-2022-30461 | Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id | HIGH | May 28, 2022 | n/a |
CVE-2022-30462 | Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | LOW | May 28, 2022 | n/a |
CVE-2022-30463 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | MEDIUM | May 28, 2022 | n/a |
CVE-2022-30464 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | LOW | May 28, 2022 | n/a |
CVE-2022-30466 | joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. | LOW | Jun 8, 2022 | n/a |
CVE-2022-30467 | Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. | MEDIUM | Jun 29, 2022 | n/a |
CVE-2022-30469 | In Afian Filerun 20220202, lack of sanitization of the POST parameter metadata[] in `/?module=fileman&section=get&page=grid` leads to SQL injection. | MEDIUM | Jun 7, 2022 | n/a |
CVE-2022-30470 | In Afian Filerun 20220202, changing the search_tika_path variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30472 | Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat | HIGH | May 26, 2022 | n/a |
CVE-2022-30473 | Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set | MEDIUM | May 26, 2022 | n/a |
CVE-2022-30474 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | HIGH | May 26, 2022 | n/a |
CVE-2022-30475 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | MEDIUM | May 26, 2022 | n/a |
CVE-2022-30476 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | HIGH | May 26, 2022 | n/a |
CVE-2022-30477 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | HIGH | May 26, 2022 | n/a |
CVE-2022-30478 | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30481 | Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30482 | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | LOW | Jun 2, 2022 | n/a |
CVE-2022-30489 | WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30490 | Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30493 | In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). | HIGH | May 26, 2022 | n/a |
CVE-2022-30494 | In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | LOW | May 26, 2022 | n/a |
CVE-2022-30495 | In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation) | HIGH | May 26, 2022 | n/a |
CVE-2022-30496 | SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. | MEDIUM | Jun 2, 2022 | n/a |