Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25005 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2020-25006 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2020-14972 | 1 Pisay Online E-learning System Project | 1 Pisay Online E-learning System | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. | |||||
| CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | |||||
| CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||||
| CVE-2020-6637 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | |||||
| CVE-2020-13380 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| openSIS before 7.4 allows SQL Injection. | |||||
| CVE-2020-23973 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. | |||||
| CVE-2020-5920 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-09-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. | |||||
| CVE-2020-15886 | 1 Reportdata Project | 1 Reportdata | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. | |||||
| CVE-2020-15887 | 1 Softwareupdate Project | 1 Softwareupdate | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. | |||||
| CVE-2020-23980 | 1 Designmasterevents | 1 Conference Management | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | |||||
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database. | |||||
| CVE-2020-5624 | 1 Riken | 1 Xoonips | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-23976 | 1 Webexcels | 1 Ecommerce Cms | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. | |||||
| CVE-2019-3760 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. | |||||
| CVE-2020-23978 | 1 Soluzioneglobale | 1 Ecommerce Cms | 2020-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php" | |||||
| CVE-2020-23979 | 1 13enforme | 1 13enforme Cms | 2020-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. | |||||
| CVE-2016-4837 | 1 Ec-cube | 1 Discount Coupon | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3458 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | |||||