Skip to main content
CVE-2022-30525 CRITICAL POC KEV THREAT Emergency

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Usg Flex 100W Firmware Usg Flex 200 Firmware Usg Flex 500 Firmware +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-29363 CRITICAL POC Act Now

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30001 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30000 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29999 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29998 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29746 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29745 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29741 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29739 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29738 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29307 CRITICAL POC THREAT Act Now

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Command Injection Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
17.8%
CVE-2022-29306 CRITICAL POC Act Now

IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29303 CRITICAL POC KEV THREAT Act Now

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Sv Cpt Mc310 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
98.0%
CVE-2022-29995 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29994 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29993 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29992 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29990 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29989 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29988 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29987 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29986 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29985 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29984 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29983 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29982 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29981 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29980 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29979 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29751 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29750 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29749 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29748 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29747 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-1650 CRITICAL POC PATCH Act Now

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Eventsource Debian Linux
NVD GitHub
CVSS 3.1
9.3
EPSS
1.8%
CVE-2022-23166 CRITICAL Act Now

Sysaid - Sysaid Local File Inclusion (LFI) - An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sysaid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-22796 CRITICAL Act Now

Sysaid - Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysaid
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-22413 CRITICAL Act Now

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Robotic Process Automation
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-29539 CRITICAL Act Now

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gemini Net
NVD
CVSS 3.1
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy