Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17580 | 1 Linkedin Clone Project | 1 Linkedin Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | |||||
| CVE-2017-17581 | 1 Quibids Clone Project | 1 Quibids Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | |||||
| CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||||
| CVE-2017-17577 | 1 Trademe Clone Project | 1 Trademe Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | |||||
| CVE-2017-17576 | 1 Gigs Script Project | 1 Gigs Script | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | |||||
| CVE-2017-17575 | 1 Groupon Clone Project | 1 Groupon Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | |||||
| CVE-2017-17574 | 1 Care Clone Project | 1 Care Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | |||||
| CVE-2017-17572 | 1 Amazon Clone Project | 1 Amazon Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | |||||
| CVE-2017-17571 | 1 Foodpanda Clone Project | 1 Foodpanda Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | |||||
| CVE-2017-17570 | 1 Expedia Clone Project | 1 Expedia Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. | |||||
| CVE-2020-19447 | 1 Jdownloads | 1 Jdownloads | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. | |||||
| CVE-2020-13504 | 1 Aveva | 1 Edna Enterprise Data Historian | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | |||||
| CVE-2020-19451 | 1 Jdownloads | 1 Jdownloads | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | |||||
| CVE-2020-19450 | 1 Jdownloads | 1 Jdownloads | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | |||||
| CVE-2020-19455 | 1 Jdownloads | 1 Jdownloads | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | |||||
| CVE-2020-13505 | 1 Aveva | 1 Edna Enterprise Data Historian | 2020-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | |||||
| CVE-2020-25751 | 1 Corephp | 1 Pago Commerce | 2020-09-24 | 6.5 MEDIUM | 8.8 HIGH |
| The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | |||||
| CVE-2020-17506 | 1 Articatech | 1 Web Proxy | 2020-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | |||||
| CVE-2020-0352 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310 | |||||
| CVE-2020-0344 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887 | |||||
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||||
| CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2020-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. | |||||
| CVE-2020-14349 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2020-09-18 | 4.6 MEDIUM | 7.1 HIGH |
| It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | |||||
| CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2020-09-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | |||||
| CVE-2020-13127 | 1 Loway | 1 Queuemetrics | 2020-09-15 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. | |||||
| CVE-2020-24197 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-15 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. | |||||
| CVE-2018-13792 | 1 Abbyy | 1 Flexicapture | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | |||||
| CVE-2020-20625 | 1 Slicedinvoices | 1 Sliced Invoices | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. | |||||
| CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2020-09-04 | 6.5 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | |||||
| CVE-2020-25005 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2020-25004 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2020-25006 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | |||||
| CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||||
| CVE-2020-23973 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. | |||||
| CVE-2020-5920 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-09-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. | |||||
| CVE-2020-15886 | 1 Reportdata Project | 1 Reportdata | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. | |||||
| CVE-2020-15887 | 1 Softwareupdate Project | 1 Softwareupdate | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. | |||||
| CVE-2020-23980 | 1 Designmasterevents | 1 Conference Management | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | |||||
| CVE-2020-6637 | 1 Os4ed | 1 Opensis | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | |||||
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database. | |||||
| CVE-2020-5624 | 1 Riken | 1 Xoonips | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-23976 | 1 Webexcels | 1 Ecommerce Cms | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. | |||||
| CVE-2019-3760 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. | |||||
| CVE-2020-23979 | 1 13enforme | 1 13enforme Cms | 2020-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. | |||||
| CVE-2020-23978 | 1 Soluzioneglobale | 1 Ecommerce Cms | 2020-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php" | |||||
| CVE-2016-4837 | 1 Ec-cube | 1 Discount Coupon | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3458 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-2559 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||