Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36385 | 1 Cerner | 1 Mobile Care | 2021-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell. | |||||
| CVE-2021-24557 | 1 Nimble3 | 1 M-vslider | 2021-08-30 | 6.5 MEDIUM | 7.2 HIGH |
| The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role. | |||||
| CVE-2021-24497 | 1 Satollo | 1 Giveaway | 2021-08-30 | 6.5 MEDIUM | 7.2 HIGH |
| The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page. | |||||
| CVE-2021-36748 | 1 Prestahome | 1 Blog | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter. | |||||
| CVE-2021-37358 | 1 Seacms | 1 Seacms | 2021-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | |||||
| CVE-2020-20675 | 1 Nuishop | 1 Nuishop | 2021-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. | |||||
| CVE-2020-18477 | 1 Hucart | 1 Hucart | 2021-08-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | |||||
| CVE-2020-18476 | 1 Hucart | 1 Hucart | 2021-08-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | |||||
| CVE-2021-31777 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2021-08-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account. | |||||
| CVE-2021-24550 | 1 Broken Link Manager Project | 1 Broken Link Manager | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue | |||||
| CVE-2021-24551 | 1 Edit Comments Project | 1 Edit Comments | 2021-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue | |||||
| CVE-2021-24552 | 1 Simple Events Calendar Project | 1 Simple Events Calendar | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue | |||||
| CVE-2021-24553 | 1 Timeline Calendar Project | 1 Timeline Calendar | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin | |||||
| CVE-2021-24506 | 1 Quantumcloud | 1 Slider Hero | 2021-08-26 | 6.5 MEDIUM | 8.8 HIGH |
| The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection. | |||||
| CVE-2021-24554 | 1 Freelancetoindia | 1 Paytm-pay | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue | |||||
| CVE-2020-18164 | 1 Tp-shop | 1 Tp-shop | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. | |||||
| CVE-2021-27999 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2021-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database. | |||||
| CVE-2020-18746 | 1 Aitecms | 1 Aitecms | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php". | |||||
| CVE-2020-22122 | 1 Find A Place Ljcms Project | 1 Find A Place Ljcms | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. | |||||
| CVE-2020-18877 | 1 Wuzhicms | 1 Wuzhicms | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. | |||||