CWE-707
222 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-707page 3 of 5
- CVE-2022-3967MEDIUMCVSS 5.3EG 7.82022-11-13
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be a…
- CVE-2022-3968LOWCVSS 3.5EG 6.12022-11-13
A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The a…
- CVE-2022-3971MEDIUMCVSS 4.6EG 4.62022-11-13
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to…
- CVE-2022-3972HIGHCVSS 7.3EG 9.82022-11-13
A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be…
- CVE-2022-3973HIGHCVSS 7.3EG 9.82022-11-13
A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection.…
- CVE-2022-3975LOWCVSS 3.5EG 3.52022-11-13
A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulatio…
- CVE-2022-3988LOWCVSS 3.5EG 6.12022-11-14
A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the ar…
- CVE-2022-3992LOWCVSS 2.4EG 6.12022-11-14
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The…
- CVE-2022-3997MEDIUMCVSS 6.3EG 6.12022-11-15
A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql inj…
- CVE-2022-3998MEDIUMCVSS 6.3EG 9.82022-11-15
A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the atta…
- CVE-2022-4011MEDIUMCVSS 6.5EG 9.82022-11-16
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutra…
- CVE-2022-4012MEDIUMCVSS 6.3EG 9.82022-11-16
A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the …
- CVE-2022-4015MEDIUMCVSS 4.7EG 9.82022-11-16
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is p…
- CVE-2022-4051MEDIUMCVSS 6.3EG 9.82022-11-17
A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack c…
- CVE-2022-4052MEDIUMCVSS 4.7EG 7.22022-11-17
A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The at…
- CVE-2022-4053LOWCVSS 2.4EG 4.82022-11-17
A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting…
- CVE-2022-4064LOWCVSS 3.7EG 3.72022-11-19
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation…
- CVE-2022-4088HIGHCVSS 7.3EG 9.82022-11-24
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql i…
- CVE-2022-4089MEDIUMCVSS 4.3EG 5.42022-11-24
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site script…
- CVE-2022-4091LOWCVSS 3.5EG 6.12022-11-25
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting…
- CVE-2022-4222MEDIUMCVSS 5.0EG 9.82022-11-30
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argumen…
- CVE-2022-4233LOWCVSS 2.4EG 6.12022-11-30
A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argu…
- CVE-2022-4234LOWCVSS 3.5EG 6.12022-11-30
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cr…
- CVE-2022-4247MEDIUMCVSS 6.3EG 9.82022-12-01
A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remot…
- CVE-2022-4248MEDIUMCVSS 5.0EG 9.82022-12-01
A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attac…
- CVE-2022-4249LOWCVSS 3.5EG 6.12022-12-01
A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting.…
- CVE-2022-4250LOWCVSS 3.5EG 6.12022-12-01
A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site script…
- CVE-2022-4251LOWCVSS 2.4EG 5.42022-12-01
A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be lau…
- CVE-2022-4252LOWCVSS 3.5EG 6.12022-12-01
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible…
- CVE-2022-4253LOWCVSS 3.5EG 5.42022-12-01
A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The …
- CVE-2022-4257MEDIUMCVSS 6.3EG 9.82022-12-01
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument ho…
- CVE-2022-4274MEDIUMCVSS 6.3EG 9.82022-12-03
A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to lau…
- CVE-2022-4275MEDIUMCVSS 6.3EG 9.82022-12-03
A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the arg…
- CVE-2022-4277MEDIUMCVSS 6.3EG 9.82022-12-03
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack c…
- CVE-2022-4278MEDIUMCVSS 4.7EG 7.22022-12-03
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to s…
- CVE-2022-4279LOWCVSS 3.5EG 6.12022-12-03
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site…
- CVE-2022-4282MEDIUMCVSS 4.7EG 7.22022-12-05
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The…
- CVE-2022-4300MEDIUMCVSS 6.3EG 8.82022-12-06
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated …
- CVE-2022-4322MEDIUMCVSS 6.3EG 7.22022-12-07
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. I…
- CVE-2022-4341LOWCVSS 3.5EG 6.12022-12-07
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. …
- CVE-2022-4347LOWCVSS 3.5EG 5.42022-12-08
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting…
- CVE-2022-4348LOWCVSS 3.5EG 6.12022-12-08
A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be lau…
- CVE-2022-4350LOWCVSS 3.5EG 3.52022-12-08
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to …
- CVE-2022-4353LOWCVSS 3.5EG 9.02022-12-08
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. T…
- CVE-2022-4354MEDIUMCVSS 4.3EG 9.62022-12-08
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scriptin…
- CVE-2022-4375MEDIUMCVSS 6.3EG 6.32022-12-09
A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to…
- CVE-2022-4377LOWCVSS 3.5EG 5.42022-12-09
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call …
- CVE-2022-4396LOWCVSS 3.5EG 3.52022-12-10
A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th…
- CVE-2022-4399MEDIUMCVSS 5.5EG 9.82022-12-10
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of …
- CVE-2022-4400LOWCVSS 3.5EG 6.12022-12-11
A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th…
Map vulnerabilities like CWE-707 to your infrastructure
EchelonGraph correlates every CVE — across CWE-707 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →