Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-22209 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
CVE-2020-22210 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
CVE-2020-22212 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.
CVE-2020-22199 | 1 Phpcms | 1 Phpcms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
CVE-2021-24360 | 1 Kohsei-works | 1 Yes/no Chart | 2021-06-17 | 4.0 MEDIUM | 6.5 MEDIUM | The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium-privilege users (contributor+) to perform Blind SQL Injection attacks.
CVE-2013-4422 | 3 Postgresql, Qt, Quassel-irc | 3 Postgresql, Qt, Quassel Irc | 2021-06-16 | 6.8 MEDIUM | N/A | SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
CVE-2021-24336 | 1 Zavedil | 1 Flightlog | 2021-06-14 | 6.5 MEDIUM | 7.2 HIGH | The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and administrator users.
CVE-2021-24340 | 1 Veronalabs | 1 Wp Statistics | 2021-06-14 | 5.0 MEDIUM | 7.5 HIGH | The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrators only, was also available to any visitor, including unauthenticated ones.
CVE-2020-24667 | 1 Tracefinanacial | 1 Crestbridge | 2021-06-11 | 6.5 MEDIUM | 8.8 HIGH | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
CVE-2020-24671 | 1 Tracefinanacial | 1 Crestbridge | 2021-06-11 | 6.5 MEDIUM | 8.8 HIGH | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
CVE-2021-29089 | 1 Synology | 1 Photo Station | 2021-06-10 | 10.0 HIGH | 9.8 CRITICAL | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2021-29090 | 1 Synology | 1 Photo Station | 2021-06-10 | 9.0 HIGH | 7.2 HIGH | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2020-35441 | 1 Fangfa | 1 Fdcms | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL | FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php.
CVE-2020-25362 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH | The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an error-based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases.
CVE-2021-27828 | 1 In4velocity | 1 In4suite Erp | 2021-06-09 | 6.4 MEDIUM | 9.1 CRITICAL | SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVE-2020-24862 | 1 Pharmacy Medical Store And Sale Point Project | 1 Pharmacy Medical Store And Sale Point | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH | The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a time-based blind SQL injection via the /medical/inventories.php path, which allows attackers to retrieve all databases.
CVE-2020-26668 | 1 Bigtreecms | 1 Bigtree Cms | 2021-06-09 | 6.5 MEDIUM | 8.8 HIGH | A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier, which allows an authenticated attacker to inject a malicious SQL query into the application via the 'Create New Feed' function.
CVE-2021-33180 | 1 Synology | 1 Media Server | 2021-06-08 | 7.5 HIGH | 9.8 CRITICAL | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2020-36004 | 1 Appcms | 1 Appcms | 2021-06-08 | 4.0 MEDIUM | 6.5 MEDIUM | AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information.
CVE-2011-2703 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.