Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22204 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. | |||||
| CVE-2020-22205 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. | |||||
| CVE-2020-22206 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. | |||||
| CVE-2020-22208 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. | |||||
| CVE-2020-22209 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. | |||||
| CVE-2020-22210 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. | |||||
| CVE-2020-22211 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. | |||||
| CVE-2020-22212 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. | |||||
| CVE-2020-22199 | 1 Phpcms | 1 Phpcms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. | |||||
| CVE-2021-24360 | 1 Kohsei-works | 1 Yes/no Chart | 2021-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks. | |||||
| CVE-2013-4422 | 3 Postgresql, Qt, Quassel-irc | 3 Postgresql, Qt, Quassel Irc | 2021-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. | |||||
| CVE-2021-24336 | 1 Zavedil | 1 Flightlog | 2021-06-14 | 6.5 MEDIUM | 7.2 HIGH |
| The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and administrator users. | |||||
| CVE-2021-24340 | 1 Veronalabs | 1 Wp Statistics | 2021-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones. | |||||
| CVE-2020-24667 | 1 Tracefinanacial | 1 Crestbridge | 2021-06-11 | 6.5 MEDIUM | 8.8 HIGH |
| Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | |||||
| CVE-2020-24671 | 1 Tracefinanacial | 1 Crestbridge | 2021-06-11 | 6.5 MEDIUM | 8.8 HIGH |
| Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | |||||
| CVE-2021-29089 | 1 Synology | 1 Photo Station | 2021-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2021-29090 | 1 Synology | 1 Photo Station | 2021-06-10 | 9.0 HIGH | 7.2 HIGH |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-35441 | 1 Fangfa | 1 Fdcms | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. | |||||
| CVE-2020-25362 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. | |||||
| CVE-2021-27828 | 1 In4velocity | 1 In4suite Erp | 2021-06-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | |||||
