Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22781 | 1 Etherpad | 1 Etherpad | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | |||||
| CVE-2020-15160 | 1 Prestashop | 1 Prestashop | 2021-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8 | |||||
| CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | |||||
| CVE-2018-18949 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | |||||
| CVE-2018-20173 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | |||||
| CVE-2019-17602 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. | |||||
| CVE-2021-27973 | 1 Piwigo | 1 Piwigo | 2021-04-30 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. | |||||
| CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2021-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | |||||
| CVE-2021-21427 | 1 Openmage | 1 Magento | 2021-04-30 | 6.5 MEDIUM | 7.2 HIGH |
| Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9. | |||||
| CVE-2021-28419 | 1 Seopanel | 1 Seo Panel | 2021-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | |||||
| CVE-2016-4999 | 1 Redhat | 3 Dashbuilder, Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2021-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | |||||
| CVE-2021-28828 | 1 Tibco | 1 Administrator | 2021-04-23 | 6.5 MEDIUM | 8.8 HIGH |
| The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1. | |||||
| CVE-2013-5945 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | |||||
| CVE-2020-36195 | 1 Qnap | 3 Media Streaming Add-on, Multimedia Console, Qts | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later | |||||
| CVE-2020-25952 | 1 User Registration \& Login And User Management System Project | 1 User Registration \& Login And User Management System | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2019-19292 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2021-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. | |||||
| CVE-2020-29472 | 1 Egavilanmedia | 1 Under Construction Page With Cpanel | 2021-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | |||||
| CVE-2020-29474 | 1 Egavilanmedia | 1 Egm Address Book | 2021-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | |||||
| CVE-2021-27545 | 1 Phpgurukul Beauty Parlour Management System Project | 1 Phpgurukul Beauty Parlour Management System | 2021-04-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | |||||
| CVE-2021-27672 | 1 Tribalsystems | 1 Zenario | 2021-04-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | |||||