Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24140 | 1 Connekthq | 1 Ajax Load More | 2021-03-22 | 6.5 MEDIUM | 7.2 HIGH |
| Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. | |||||
| CVE-2021-24141 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2021-03-22 | 6.5 MEDIUM | 7.2 HIGH |
| Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks. | |||||
| CVE-2021-24143 | 1 Accesspressthemes | 1 Accesspress Social Icons | 2021-03-22 | 6.5 MEDIUM | 8.8 HIGH |
| The AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. | |||||
| CVE-2021-28381 | 1 Vhs Project | 1 Vhs | 2021-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. | |||||
| CVE-2020-24913 | 1 Qcubed | 1 Qcubed | 2021-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. | |||||
| CVE-2021-28295 | 1 Online Ordering System Project | 1 Online Ordering System | 2021-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. | |||||
| CVE-2018-17254 | 1 Arkextensions | 1 Jck Editor | 2021-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. | |||||
| CVE-2021-27947 | 1 Mybb | 1 Mybb | 2021-03-16 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). | |||||
| CVE-2021-27948 | 1 Mybb | 1 Mybb | 2021-03-16 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). | |||||
| CVE-2020-24877 | 1 Zzzcms | 1 Zzzphp | 2021-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | |||||
| CVE-2021-27581 | 1 Kentico | 1 Kentico Cms | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | |||||
| CVE-2021-23352 | 1 Madge Project | 1 Madge | 2021-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter, which, when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function. | |||||
| CVE-2020-24791 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2021-26965 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-26966 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2020-35327 | 1 Courier Management System Project | 1 Courier Management System | 2021-03-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php. | |||||
| CVE-2021-27314 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in admin.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the username parameter at the login page. | |||||
| CVE-2020-28657 | 1 Bittacora | 1 Bpanel | 2021-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. | |||||
| CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2021-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '. | |||||
| CVE-2021-26904 | 1 Isida | 1 Retriever | 2021-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| LMA ISIDA Retriever 5.2 allows SQL Injection. | |||||
