Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7567 | 1 Yeager | 1 Yeager Cms | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | |||||
| CVE-2013-2018 | 1 Berkeley | 1 Boinc | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-9613 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | |||||
| CVE-2020-9269 | 1 Soplanning | 1 Soplanning | 2020-02-20 | 9.0 HIGH | 7.2 HIGH |
| SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | |||||
| CVE-2014-9612 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | |||||
| CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | |||||
| CVE-2020-8611 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2020-02-19 | 6.5 MEDIUM | 8.8 HIGH |
| In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. | |||||
| CVE-2018-5986 | 1 Easycarscript | 1 Easycarscript | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. | |||||
| CVE-2020-9268 | 1 Soplanning | 1 Soplanning | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. | |||||
| CVE-2020-8802 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | |||||
| CVE-2013-1401 | 1 Cardozatechnologies | 1 Wordpress Poll | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. | |||||
| CVE-2013-1400 | 1 Cardozatechnologies | 1 Wordpress Poll | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. | |||||
| CVE-2010-4897 | 1 Bluecms Project | 1 Bluecms | 2020-02-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action. | |||||
| CVE-2015-5617 | 1 Enorth | 1 Webpublisher Cms | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. | |||||
| CVE-2012-1124 | 1 Phxeventmanager Project | 1 Phxeventmanager | 2020-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | |||||
| CVE-2020-8841 | 1 Testlink | 1 Testlink | 2020-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection. | |||||
| CVE-2015-3423 | 1 Netcracker | 1 Resource Management System | 2020-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. | |||||
| CVE-2019-15622 | 1 Nextcloud | 1 Nextcloud | 2020-02-12 | 2.1 LOW | 2.4 LOW |
| Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | |||||
| CVE-2013-3638 | 1 Boonex | 1 Dolphin | 2020-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. | |||||
| CVE-2020-8645 | 1 Simplejobscript | 1 Simplejobscript | 2020-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. | |||||