Total
9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-22807 | 1 Vtiger | 1 Vtiger Crm | 2021-05-19 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Vtiger CRM 7.2. Union SQL injection in the calendar exportdata feature. | |||||
CVE-2015-9244 | 1 Mysqljs | 1 Mysql | 2021-05-18 | 7.5 HIGH | 9.8 CRITICAL |
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | |||||
CVE-2017-10816 | 1 Intercom | 1 Malion | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | |||||
CVE-2021-1365 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2021-05-14 | 5.5 MEDIUM | 8.1 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database. | |||||
CVE-2021-1363 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2021-05-14 | 5.5 MEDIUM | 8.1 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database. | |||||
CVE-2019-18229 | 1 Advantech | 1 Wise-paas/rmm | 2021-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | |||||
CVE-2021-32099 | 1 Artica | 1 Pandora Fms | 2021-05-11 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. | |||||
CVE-2021-32104 | 1 Open-emr | 1 Openemr | 2021-05-11 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1. | |||||
CVE-2021-32102 | 1 Open-emr | 1 Openemr | 2021-05-11 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1. | |||||
CVE-2020-15153 | 1 Ampache | 1 Ampache | 2021-05-08 | 7.5 HIGH | 9.8 CRITICAL |
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch. | |||||
CVE-2020-19109 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-19108 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-19107 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2021-31856 | 1 Layer5 | 1 Meshery | 2021-05-06 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). | |||||
CVE-2021-25153 | 1 Arubanetworks | 1 Airwave | 2021-05-05 | 5.5 MEDIUM | 8.1 HIGH |
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2021-05-05 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. | |||||
CVE-2020-18019 | 1 Xinfu | 1 Oa System | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component. |