Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-89
Total 6906 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25784 1 Taogogo 1 Taocms 2021-12-03 6.5 MEDIUM 7.2 HIGH
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVE-2021-25783 1 Taogogo 1 Taocms 2021-12-03 6.5 MEDIUM 7.2 HIGH
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVE-2021-42169 1 Simple Payroll System With Dynamic Tax Bracket Project 1 Simple Payroll System With Dynamic Tax Bracket 2021-12-03 7.5 HIGH 9.8 CRITICAL
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
CVE-2019-7164 5 Debian, Opensuse, Oracle and 2 more 9 Debian Linux, Backports Sle, Leap and 6 more 2021-12-03 7.5 HIGH 9.8 CRITICAL
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2021-43679 1 Shopex 1 Ecshop 2021-12-03 7.5 HIGH 9.8 CRITICAL
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.
CVE-2021-43451 1 Employee Record Management System Project 1 Employee Record Management System 2021-12-03 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
CVE-2020-35012 1 Wp-events-plugin 1 Events Manager 2021-12-03 6.5 MEDIUM 7.2 HIGH
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
CVE-2021-44280 1 Attendance Management System Project 1 Attendance Management System 2021-12-02 7.5 HIGH 9.8 CRITICAL
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.
CVE-2021-36328 1 Dell 1 Emc Streaming Data Platform 2021-12-01 6.5 MEDIUM 8.8 HIGH
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.
CVE-2021-41511 1 Lodging Reservation Management System Project 1 Lodging Reservation Management System 2021-11-30 7.5 HIGH 9.8 CRITICAL
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.
CVE-2021-26822 1 Teachers Record Management System Project 1 Teachers Record Management System 2021-11-30 7.5 HIGH 9.8 CRITICAL
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
CVE-2021-42666 1 Engineers Online Portal Project 1 Engineers Online Portal 2021-11-30 6.5 MEDIUM 8.8 HIGH
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
CVE-2021-41947 1 Intelliants 1 Subrion Cms 2021-11-30 6.5 MEDIUM 7.2 HIGH
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
CVE-2019-7548 5 Debian, Opensuse, Oracle and 2 more 9 Debian Linux, Backports Sle, Leap and 6 more 2021-11-30 6.8 MEDIUM 7.8 HIGH
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2021-36807 1 Sophos 1 Unified Threat Management Up2date 2021-11-30 6.5 MEDIUM 8.8 HIGH
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
CVE-2021-41678 1 Os4ed 1 Opensis 2021-11-30 6.8 MEDIUM 9.8 CRITICAL
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
CVE-2021-41679 1 Os4ed 1 Opensis 2021-11-30 6.8 MEDIUM 9.8 CRITICAL
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
CVE-2021-41677 1 Os4ed 1 Opensis 2021-11-30 6.8 MEDIUM 9.8 CRITICAL
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
CVE-2021-44427 1 Rosariosis 1 Rosariosis 2021-11-30 7.5 HIGH 9.8 CRITICAL
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
CVE-2021-24915 1 Contest Gallery 1 Contest Gallery 2021-11-30 7.5 HIGH 9.8 CRITICAL
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address