Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19026 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2021-05-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2021-05-21 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2020-13873 | 1 Codologic | 1 Codoforum | 2021-05-20 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.) | |||||
| CVE-2020-22807 | 1 Vtiger | 1 Vtiger Crm | 2021-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in vtiger crm 7.2. Union SQL injection in the calendar exportdata feature. | |||||
| CVE-2015-9244 | 1 Mysqljs | 1 Mysql | 2021-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | |||||
| CVE-2017-10816 | 1 Intercom | 1 Malion | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | |||||
| CVE-2019-18229 | 1 Advantech | 1 Wise-paas/rmm | 2021-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | |||||
| CVE-2021-32099 | 1 Artica | 1 Pandora Fms | 2021-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. | |||||
| CVE-2021-32104 | 1 Open-emr | 1 Openemr | 2021-05-11 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1. | |||||
| CVE-2021-32102 | 1 Open-emr | 1 Openemr | 2021-05-11 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1. | |||||
| CVE-2020-15153 | 1 Ampache | 1 Ampache | 2021-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch. | |||||
| CVE-2020-19109 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19108 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19107 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2021-31856 | 1 Layer5 | 1 Meshery | 2021-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). | |||||
| CVE-2021-25153 | 1 Arubanetworks | 1 Airwave | 2021-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2021-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. | |||||
