Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17570 | 1 Expedia Clone Project | 1 Expedia Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. | |||||
CVE-2020-19447 | 1 Jdownloads | 1 Jdownloads | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. | |||||
CVE-2020-13504 | 1 Aveva | 1 Edna Enterprise Data Historian | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | |||||
CVE-2020-19450 | 1 Jdownloads | 1 Jdownloads | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | |||||
CVE-2020-19451 | 1 Jdownloads | 1 Jdownloads | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | |||||
CVE-2020-19455 | 1 Jdownloads | 1 Jdownloads | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | |||||
CVE-2020-13505 | 1 Aveva | 1 Edna Enterprise Data Historian | 2020-09-25 | 7.5 HIGH | 9.8 CRITICAL |
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | |||||
CVE-2020-25751 | 1 Corephp | 1 Pago Commerce | 2020-09-24 | 6.5 MEDIUM | 8.8 HIGH |
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | |||||
CVE-2020-0344 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-140729887 | |||||
CVE-2020-0352 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132074310 | |||||
CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||||
CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2020-09-18 | 6.5 MEDIUM | 8.8 HIGH |
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter, which allows an authenticated attacker to inject a malicious SQL query. | |||||
CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2020-09-15 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | |||||
CVE-2020-13127 | 1 Loway | 1 Queuemetrics | 2020-09-15 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. | |||||
CVE-2020-24197 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-15 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication with SQL injection via the email parameter. | |||||
CVE-2018-13792 | 1 Abbyy | 1 Flexicapture | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | |||||
CVE-2020-20625 | 1 Slicedinvoices | 1 Sliced Invoices | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. | |||||
CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2020-09-04 | 6.5 MEDIUM | 8.8 HIGH |
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | |||||
CVE-2020-25004 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
Heybbs v1.2 has a SQL injection vulnerability in the user.php file via the ID parameter, which may allow a remote attacker to execute arbitrary code. |