Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-36621 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2021-10-18 | 6.8 MEDIUM | 8.1 HIGH | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt it and obtain the plain-text password, and hence authenticate as Administrator. |
CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2021-10-15 | 6.5 MEDIUM | 8.8 HIGH | rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in the MySQL server is not set and the MySQL server runs on the same host as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. |
CVE-2020-21726 | 1 Opensns | 1 Opensns | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. |
CVE-2020-21725 | 1 Opensns | 1 Opensns | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. |
CVE-2021-41920 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 5.0 MEDIUM | 7.5 HIGH | webTareas version 2.4 and earlier allows an unauthenticated user to perform time- and boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. |
CVE-2021-29798 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. |
CVE-2021-29903 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. |
CVE-2021-39351 | 1 Wp Bannerize Project | 1 Wp Bannerize | 2021-10-14 | 4.0 MEDIUM | 6.5 MEDIUM | The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file, which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 through 4.0.2. |
CVE-2021-25482 | 1 Google | 1 Android | 2021-10-13 | 3.6 LOW | 4.4 MEDIUM | SQL injection vulnerabilities in the CMFA framework prior to SMR Oct-2021 Release 1 allow an untrusted application to overwrite some CMFA framework information. |
CVE-2021-41651 | 1 Hotel Management System Project | 1 Hotel Management System | 2021-10-12 | 5.0 MEDIUM | 7.5 HIGH | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. |
CVE-2021-24465 | 1 Meowapps | 1 Meow Gallery | 2021-10-08 | 5.5 MEDIUM | 8.1 HIGH | The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available to users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects being deserialized. |
CVE-2020-21012 | 1 Hotel And Lodge Booking Management System Project | 1 Hotel And Lodge Booking Management System | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL | Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. |
CVE-2020-21013 | 1 Emlog | 1 Emlog | 2021-10-08 | 6.5 MEDIUM | 7.2 HIGH | emlog v6.0.0 contains a SQL injection via /admin/comment.php. |
CVE-2021-41647 | 1 Online Food Ordering Web App Project | 1 Online Food Ordering Web App | 2021-10-08 | 6.4 MEDIUM | 9.1 CRITICAL | An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user. |
CVE-2021-41845 | 1 Thycotic | 1 Secret Server | 2021-10-07 | 4.0 MEDIUM | 6.5 MEDIUM | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. |
CVE-2020-24673 | 1 Abb | 2 Symphony+ Historian, Symphony+ Operations | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL | In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. |
CVE-2021-41288 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-10-06 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. |
CVE-2020-20120 | 1 Thinkphp | 1 Thinkphp | 2021-10-06 | 7.5 HIGH | 9.8 CRITICAL | ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when an array is not passed to the "where" and "query" methods. |
CVE-2020-20122 | 1 Wuzhicms | 1 Wuzhi Cms | 2021-10-06 | 7.5 HIGH | 9.8 CRITICAL | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. |
CVE-2021-24666 | 1 Podlove | 1 Podlove Podcast Publisher | 2021-10-05 | 6.8 MEDIUM | 9.8 CRITICAL | The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the REST route '/services/contributor/(?P<id>[\d]+)' and takes 'id' and 'category' parameters as arguments. Both parameters can be used for SQLi. |