Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21121 | 1 Kliqqi | 1 Kliqqi Cms | 2021-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file. | |||||
| CVE-2021-40670 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. | |||||
| CVE-2021-40669 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | |||||
| CVE-2021-23040 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2021-09-24 | 6.5 MEDIUM | 8.8 HIGH |
| On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2020-21127 | 1 Metinfo | 1 Metinfo | 2021-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. | |||||
| CVE-2021-33688 | 1 Sap | 1 Business One | 2021-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained. | |||||
| CVE-2021-24726 | 1 Wpsimplebookingcalendar | 1 Wp Simple Booking Calendar | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue | |||||
| CVE-2021-24727 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections | |||||
| CVE-2021-38324 | 1 Smartypantsplugins | 1 Sp Rental Manager | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3. | |||||
| CVE-2021-37593 | 1 Peel | 1 Peel Shopping | 2021-09-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data. | |||||
| CVE-2021-27890 | 1 Mybb | 1 Mybb | 2021-09-21 | 6.8 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | |||||
| CVE-2021-35042 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | |||||
| CVE-2021-26764 | 1 Student Record System Project | 1 Student Record System | 2021-09-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | |||||
| CVE-2021-26765 | 1 Student Record System Project | 1 Student Record System | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | |||||
| CVE-2020-35427 | 1 Employee Record Management System Project | 1 Employee Record Management System | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2021-26762 | 1 Student Record System Project | 1 Student Record System | 2021-09-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2021-38723 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | |||||
| CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | |||||
| CVE-2021-39378 | 1 Os4ed | 1 Opensis | 2021-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter. | |||||
| CVE-2021-40814 | 1 Mypresta | 1 Customer Photo Gallery | 2021-09-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. | |||||