Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | |||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-14 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | |||||
| CVE-2020-11530 | 1 Idangero | 1 Chop Slider | 2020-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | |||||
| CVE-2020-12766 | 1 Solis | 1 Gnuteca | 2020-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | |||||
| CVE-2020-12014 | 1 Advantech | 1 Webaccess | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | |||||
| CVE-2020-12104 | 1 Wp-advanced-search Project | 1 Wp-advanced-search | 2020-05-07 | 6.5 MEDIUM | 8.8 HIGH |
| The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. | |||||
| CVE-2020-11032 | 1 Glpi-project | 1 Glpi | 2020-05-07 | 6.5 MEDIUM | 7.2 HIGH |
| In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. | |||||
| CVE-2018-10759 | 1 Projectpier | 1 Projectpier | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | |||||
| CVE-2020-11886 | 1 Opennms | 2 Horizon, Meridian | 2020-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21. | |||||
| CVE-2020-11942 | 1 Opmantek | 1 Open-audit | 2020-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. | |||||
| CVE-2020-12461 | 1 Php-fusion | 1 Php-fusion | 2020-05-05 | 6.5 MEDIUM | 8.8 HIGH |
| PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query. | |||||
| CVE-2020-12429 | 1 Phpgurukul | 1 Online Course Registration | 2020-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php. | |||||
| CVE-2020-12442 | 1 Ivanti | 1 Avalanche | 2020-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | |||||
| CVE-2020-11004 | 1 Admidio | 1 Admidio | 2020-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. | |||||
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password. | |||||
| CVE-2020-10512 | 1 Hgiga | 1 Oaklouds Ccm\@il | 2020-04-30 | 9.0 HIGH | 8.8 HIGH |
| HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. | |||||
| CVE-2020-11010 | 1 Tortoise Orm Project | 1 Tortoise Orm | 2020-04-28 | 6.5 MEDIUM | 8.8 HIGH |
| In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts). | |||||
| CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2020-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |||||
| CVE-2020-11812 | 1 Rukovoditel | 1 Rukovoditel | 2020-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | |||||
| CVE-2019-20730 | 1 Netgear | 74 D3600, D3600 Firmware, D6000 and 71 more | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DC112A before 1.0.0.40, EX8000 before 1.0.0.118, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, R6220 before 1.1.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900v2 before 1.2.0.16, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500 before 1.0.0.118, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.6, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56. | |||||