Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php |
| CVE-2020-20289 | 1 Yccms | 1 Yccms | 2021-02-03 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability. |
| CVE-2020-21176 | 1 Thinkjs | 1 Thinkjs | 2021-02-03 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter. |
| CVE-2020-35263 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL | EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution. |
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. |
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. |
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. |
| CVE-2020-21180 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page. |
| CVE-2020-21179 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page. |
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2021-02-01 | 6.4 MEDIUM | 9.1 CRITICAL | Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every Result account. |
| CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. |
| CVE-2018-7318 | 2 Belitsoft, Oracle | 2 Checklist, Data Integrator | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. |
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. |
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. |
| CVE-2020-23262 | 1 Mingsoft | 1 Mcms | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. |
| CVE-2021-1225 | 1 Cisco | 1 Sd-wan Vmanage | 2021-01-27 | 6.4 MEDIUM | 9.1 CRITICAL | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. |
| CVE-2021-3110 | 1 Prestashop | 1 Prestashop | 2021-01-22 | 7.5 HIGH | 9.8 CRITICAL | The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. |
| CVE-2021-22851 | 1 Hgiga | 1 Oaklouds Openid | 2021-01-22 | 7.5 HIGH | 9.8 CRITICAL | HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data. |
| CVE-2020-29493 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity. |
| CVE-2020-29015 | 1 Fortinet | 1 Fortiweb | 2021-01-20 | 7.5 HIGH | 9.8 CRITICAL | A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. |
| CVE-2021-3118 | 1 Medicalexpo | 1 Ecs Imaging | 2021-01-14 | 7.5 HIGH | 9.8 CRITICAL | ** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. |
| CVE-2020-36112 | 1 Cse Bookstore Project | 1 Cse Bookstore | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL | CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. |
| CVE-2021-3018 | 1 Ipeak | 1 Ipeakcms | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL | ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page. |
| CVE-2021-3021 | 1 Ispconfig | 1 Ispconfig | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL | ISPConfig before 3.2.2 allows SQL injection. |
| CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL | modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). |
| CVE-2020-35613 | 1 Joomla | 1 Joomla! | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. |
| CVE-2020-35242 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. |
| CVE-2020-35243 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. |
| CVE-2020-35244 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. |
| CVE-2020-35245 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. |
| CVE-2020-35276 | 1 Egavilanmedia | 1 Ecm Address Book | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL | EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. |
| CVE-2020-28070 | 1 Alumni Management System Project | 1 Alumni Management System | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL | SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. |
| CVE-2020-28073 | 1 Library Management System Project | 1 Library Management System | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL | SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. |
| CVE-2020-28074 | 1 Online Health Care System Project | 1 Online Health Care System | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. |
| CVE-2020-13968 | 1 Crk | 1 Business Platform | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL | CRK Business Platform <= 2019.1 allows attackers to inject SQL statements against the DB on any path using the 'strSessao' parameter. |
| CVE-2020-27660 | 1 Synology | 1 Safeaccess | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL | SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. |
| CVE-2020-11717 | 1 Bilanc | 1 Bilanc | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. |
| CVE-2020-21377 | 1 Yunyecms | 1 Yunyecms | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. |
| CVE-2020-21378 | 1 Seacms | 1 Seacms | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. |
| CVE-2020-20300 | 1 Weiphp | 1 Weiphp | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the wp_where function in WeiPHP 5.0. |
| CVE-2020-35545 | 1 Spotweb Project | 1 Spotweb | 2020-12-21 | 7.5 HIGH | 9.8 CRITICAL | Time-based SQL injection exists in Spotweb 1.4.9 via the query string. |
| CVE-2020-25889 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL | Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing an SQL injection payload on the login page, attackers can bypass the authentication and gain admin privileges. |
| CVE-2020-20189 | 1 Newpk Project | 1 Newpk | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php. |
| CVE-2020-35378 | 1 Online Bus Ticket Reservation Project | 1 Online Bus Ticket Reservation | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. |
| CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. |
| CVE-2020-19165 | 1 Phpshe | 1 Phpshe | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL | PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. |
| CVE-2020-6880 | 1 Zte | 2 Zxv10 W908, Zxv10 W908 Firmware | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL | A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. Because the device does not properly filter parameters, sending malicious SQL statements can, on success, obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. |
| CVE-2020-29283 | 1 Online Doctor Appointment Booking System Php And Mysql Project | 1 Online Doctor Appointment Booking System Php And Mysql | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. |
| CVE-2020-29284 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL | The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. |
