Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | |||||
CVE-2020-29228 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2021-01-04 | 5.0 MEDIUM | 7.5 HIGH |
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. | |||||
CVE-2020-27848 | 1 Dotcms | 1 Dotcms | 2021-01-04 | 6.5 MEDIUM | 8.8 HIGH |
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter, and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability. | |||||
CVE-2020-35613 | 1 Joomla | 1 Joomla! | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | |||||
CVE-2020-35242 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. | |||||
CVE-2020-35243 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | |||||
CVE-2020-35244 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | |||||
CVE-2020-35245 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. | |||||
CVE-2020-35708 | 1 Phplist | 1 Phplist | 2020-12-28 | 6.5 MEDIUM | 7.2 HIGH |
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||
CVE-2008-4080 | 1 Stash | 1 Stash | 2020-12-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2020-35666 | 1 Steedos | 1 Steedos | 2020-12-23 | 6.5 MEDIUM | 8.8 HIGH |
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. | |||||
CVE-2020-35276 | 1 Egavilanmedia | 1 Ecm Address Book | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL |
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. | |||||
CVE-2020-28070 | 1 Alumni Management System Project | 1 Alumni Management System | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL |
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. | |||||
CVE-2020-28073 | 1 Library Management System Project | 1 Library Management System | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL |
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. | |||||
CVE-2020-28074 | 1 Online Health Care System Project | 1 Online Health Care System | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL |
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. | |||||
CVE-2020-13968 | 1 Crk | 1 Business Platform | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL |
CRK Business Platform <= 2019.1 allows injection of SQL statements against the DB on any path using the 'strSessao' parameter. | |||||
CVE-2020-35151 | 1 Online Marriage Registration System Project | 1 Online Marriage Registration System | 2020-12-22 | 6.5 MEDIUM | 8.8 HIGH |
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection. | |||||
CVE-2020-11717 | 1 Bilanc | 1 Bilanc | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. | |||||
CVE-2020-21377 | 1 Yunyecms | 1 Yunyecms | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. | |||||
CVE-2020-21378 | 1 Seacms | 1 Seacms | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. |