Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30459 | 1 Jazzband | 1 Django Debug Toolbar | 2021-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form. | |||||
| CVE-2008-5197 | 1 Php-fusion | 1 Php-fusion | 2021-04-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | |||||
| CVE-2021-28157 | 1 Devolutions | 1 Devolutions Server | 2021-04-21 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | |||||
| CVE-2016-2386 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. | |||||
| CVE-2017-7717 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | |||||
| CVE-2021-26830 | 1 Tribalsystems | 1 Zenario | 2021-04-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. | |||||
| CVE-2021-27130 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2021-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. | |||||
| CVE-2021-28142 | 1 Citsmart | 1 Citsmart | 2021-04-19 | 6.5 MEDIUM | 8.8 HIGH |
| CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." | |||||
| CVE-2013-5957 | 1 Civicrm | 1 Civicrm | 2021-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty. | |||||
| CVE-2008-3223 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2021-04-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." | |||||
| CVE-2021-30175 | 1 Zerof | 1 Web Server | 2021-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. | |||||
| CVE-2021-30176 | 1 Zerof | 1 Expert | 2021-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint. | |||||
| CVE-2021-30177 | 1 Phpnuke | 1 Php-nuke | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE. | |||||
| CVE-2021-24200 | 1 Tms-outsource | 1 Wpdatatables | 2021-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. | |||||
| CVE-2021-24199 | 1 Tms-outsource | 1 Wpdatatables | 2021-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. | |||||
| CVE-2021-28925 | 1 Nagios | 1 Network Analyzer | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. | |||||
| CVE-2020-23763 | 1 Online Book Store Project | 1 Online Book Store | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2014-8248 | 1 Broadcom | 1 Release Automation | 2021-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | |||||
| CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | |||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
