Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8656 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. | |||||
| CVE-2020-8427 | 1 Unitrends | 1 Backup | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. | |||||
| CVE-2020-25760 | 1 Projectworlds | 1 Visitor Management System In Php | 2022-01-01 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||||
| CVE-2020-1937 | 1 Apache | 1 Kylin | 2021-12-30 | 6.5 MEDIUM | 8.8 HIGH |
| Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries. | |||||
| CVE-2021-42313 | 1 Microsoft | 1 Defender For Iot | 2021-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | |||||
| CVE-2021-43851 | 1 Anuko | 1 Time Tracker | 2021-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file. | |||||
| CVE-2021-43157 | 1 Projectworlds | 1 Online Shopping System In Php | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | |||||
| CVE-2021-43629 | 1 Projectworlds | 1 Hospital Management System In Php | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | |||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2021-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | |||||
| CVE-2021-43631 | 1 Projectworlds | 1 Hospital Management System In Php | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | |||||
| CVE-2021-43628 | 1 Projectworlds | 1 Hospital Management System In Php | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | |||||
| CVE-2021-43155 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. | |||||
| CVE-2021-44874 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2021-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user. | |||||
| CVE-2021-45253 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2021-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. | |||||
| CVE-2021-45252 | 1 Simple Forum\/discussion System Project | 1 Simple Forum\/discussion System | 2021-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability. | |||||
| CVE-2021-24846 | 1 Ni Woocommerce Custom Order Status Project | 1 Ni Woocommerce Custom Order Status | 2021-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber | |||||
| CVE-2021-24849 | 1 Wclovers | 1 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible | 2021-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections | |||||
| CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2021-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | |||||
| CVE-2021-41843 | 1 Open-emr | 1 Openemr | 2021-12-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. | |||||
| CVE-2021-43451 | 1 Employee Record Management System Project | 1 Employee Record Management System | 2021-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | |||||