Total: 2383 CVEs (50 listed below, most recently updated first)
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-29285 | Point Of Sales In Php/pdo Project | Point Of Sales In Php/pdo | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. |
| CVE-2020-29282 | Bloodx Project | Bloodx | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. |
| CVE-2020-25839 | Microfocus | Identity Manager | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL | NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. |
| CVE-2020-29280 | Victor Cms Project | Victor Cms | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL | The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. |
| CVE-2020-29287 | Car Rental Management System Project | Car Rental Management System | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. |
| CVE-2020-29288 | Gym Management System Project | Gym Management System | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability was discovered in Gym Management System: in the manage_user.php file, the GET parameter 'id' is vulnerable. |
| CVE-2020-28133 | Simple Grocery Store Sales And Inventory Sales Project | Simple Grocery Store Sales And Inventory System | 2020-12-01 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. |
| CVE-2020-28183 | Water Billing System Project | Water Billing System | 2020-12-01 | 10.0 HIGH | 9.8 CRITICAL | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. |
| CVE-2019-19876 | Br-automation | Industrial Automation Aprol | 2020-11-30 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. |
| CVE-2020-28994 | Karenderia Multiple Restaurant System Project | Karenderia Multiple Restaurant System | 2020-11-30 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database. |
| CVE-2020-25475 | Newsscriptphp | News Script Php Pro | 2020-11-27 | 7.5 HIGH | 9.8 CRITICAL | SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. |
| CVE-2020-13877 | Resourcexpress | Meeting Monitor | 2020-11-24 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. |
| CVE-2020-27481 | Goodlayers | Good Learning Management System | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL | An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. |
| CVE-2020-28138 | Online Clothing Store Project | Online Clothing Store | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL | SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. |
| CVE-2020-27886 | Eyesofnetwork | Eyesofnetwork | 2020-11-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). |
| CVE-2020-27995 | Zohocorp | Manageengine Applications Manager | 2020-11-03 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. |
| CVE-2020-26944 | Aptean, Microsoft | Product Configurator, Windows | 2020-10-26 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. |
| CVE-2020-27615 | Loginizer | Loginizer | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL | The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. |
| CVE-2018-6373 | Fastballproductions | Fastball | 2020-10-19 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. |
| CVE-2020-15533 | Zohocorp | Manageengine Applications Manager | 2020-10-13 | 7.5 HIGH | 9.8 CRITICAL | In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. |
| CVE-2020-26518 | Artica | Pandora Fms | 2020-10-09 | 7.5 HIGH | 9.8 CRITICAL | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. |
| CVE-2020-15487 | Re-desk | Re\ | 2020-10-09 | 7.5 HIGH | 9.8 CRITICAL | Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained. |
| CVE-2020-25762 | Seat Reservation System Project | Seat Reservation System | 2020-10-08 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. |
| CVE-2019-7316 | Css-tricks | Chat2 | 2020-10-07 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability. |
| CVE-2020-26525 | Damstratechnology | Smart Asset | 2020-10-06 | 6.4 MEDIUM | 9.1 CRITICAL | Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. |
| CVE-2020-25990 | Websitebaker | Websitebaker | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL | WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. |
| CVE-2020-20800 | Metinfo | Metinfo | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. |
| CVE-2020-26042 | Hoosk | Hoosk | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php. |
| CVE-2020-12870 | Rainbowfishsoftware | Pacsone Server | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL | RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. |
| CVE-2020-15394 | Zohocorp | Manageengine Applications Manager | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. |
| CVE-2017-17110 | Techno - Portfolio Management Panel Project | Techno - Portfolio Management Panel | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL | Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. |
| CVE-2020-25147 | Observium | Observium | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php. |
| CVE-2020-25132 | Observium | Observium | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php. |
| CVE-2020-8158 | Typeorm | Typeorm | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. |
| CVE-2017-17643 | Lynda Clone Project | Lynda Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. |
| CVE-2017-17589 | Thumbtack Clone Project | Thumbtack Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. |
| CVE-2017-17587 | Indiamart Clone Project | Indiamart Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. |
| CVE-2017-17588 | Imdb Clone Project | Imdb Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. |
| CVE-2017-17586 | Olx Clone Project | Olx Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. |
| CVE-2017-17585 | Monster Clone Project | Monster Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. |
| CVE-2017-17584 | Makemytrip Clone Project | Makemytrip Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. |
| CVE-2017-17583 | Shutterstock Clone Project | Shutterstock Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. |
| CVE-2017-17579 | Freelancer Clone Project | Freelancer Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. |
| CVE-2017-17582 | Grubhub Clone Project | Grubhub Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. |
| CVE-2017-17580 | Linkedin Clone Project | Linkedin Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. |
| CVE-2017-17581 | Quibids Clone Project | Quibids Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. |
| CVE-2017-17577 | Trademe Clone Project | Trademe Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. |
| CVE-2017-17578 | Crowdfunding Script Project | Crowdfunding Script | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. |
| CVE-2017-17576 | Gigs Script Project | Gigs Script | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. |
| CVE-2017-17574 | Care Clone Project | Care Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. |
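Most of the entries above share one root cause: a request parameter (a username and password sent to login.php, or an id sent to a view page) is concatenated into the SQL text, so a quote character in the value ends the string literal and the rest of the value is parsed as SQL. The script below is an added illustration, written for this page and not code from any listed product; it uses Python's sqlite3 module as a language-neutral stand-in for the PHP/mysqli or PDO code the advisories describe. The users table, credentials and payload list are constructed for the demo. It shows the bypass against a concatenated query, why the same query with bound parameters is immune, and one payload that fails because of AND/OR precedence, which is why probes favour the `OR 1=1 --` form.

```python
import sqlite3

# Constructed payload catalogue for the demo (not taken from any advisory above).
PAYLOADS = ["' OR 1=1 -- ", "admin' -- ", "' OR '1'='1"]


def make_db():
    """In-memory stand-in for an application database with one privileged user.
    Schema and rows are constructed for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.execute("INSERT INTO users (username, password, role) VALUES ('admin', 'S3cret!', 'admin')")
    conn.execute("INSERT INTO users (username, password, role) VALUES ('alice', 'hunter2', 'client')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The login.php anti-pattern: request parameters concatenated into the SQL text.
    Returns the role of the first matching row, or None when no row matches."""
    sql = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Same lookup with bound parameters: the values travel separately from the
    statement, so quotes and comment markers inside them are never parsed as SQL."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def probe(login):
    """Feeds each payload as the username with a wrong password and returns the
    (payload, role) pairs that still yielded a role, i.e. an authentication bypass."""
    hits = []
    for payload in PAYLOADS:
        try:
            role = login(make_db(), payload, "wrong-password")
        except sqlite3.Error:
            role = None  # a syntax error is a signal for fuzzing, but not a bypass
        if role is not None:
            hits.append((payload, role))
    return hits


if __name__ == "__main__":
    print("vulnerable:", probe(login_vulnerable))
    print("fixed:     ", probe(login_fixed))
```

Against `login_vulnerable`, `' OR 1=1 -- ` and `admin' -- ` both return the admin role with a wrong password, because the comment marker discards the password check; `' OR '1'='1` returns nothing here, since the injected condition is ANDed with the password comparison before the OR applies. Against `login_fixed` no payload succeeds: the quote in the value is just data. Note that the sanitization-bypass entries for Observium (username[0], an array instead of a string) defeat escaping-based defences precisely because escaping assumes a string; bound parameters with a type check on the input side avoid that class too.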
