CVE-2022-33148

HIGH Year: 2022
CVSS v3 Score
8.3
High
Weakness Type
CWE-89
View all →

Vulnerability Description

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.

Related Vulnerabilities

CVE-2019-20361

HIGH
CVSS:8.3(High)

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabil...

CWE-892019

CVE-2022-0224

HIGH
CVSS:8.3(High)

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-892022

CVE-2022-0258

HIGH
CVSS:8.3(High)

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-892022

CVE-2022-33147

HIGH
CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022

CVE-2022-33149

HIGH
CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022

CVE-2022-34652

HIGH
CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022