Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2323 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Opensuse and 2 more | 2021-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | |||||
| CVE-2021-26686 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-02-26 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2020-24617 | 1 Mailtrain | 1 Mailtrain | 2021-02-25 | 6.0 MEDIUM | 8.8 HIGH |
| Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. | |||||
| CVE-2017-1000060 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | |||||
| CVE-2021-22856 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2021-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege. | |||||
| CVE-2021-22854 | 1 Hr Portal Project | 1 Hr Portal | 2021-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | |||||
| CVE-2021-27124 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2021-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. | |||||
| CVE-2021-25779 | 1 Baby Care System Project | 1 Baby Care System | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. | |||||
| CVE-2020-9465 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | |||||
| CVE-2020-27886 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). | |||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | |||||
| CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | |||||
| CVE-2017-14402 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | |||||
| CVE-2017-14252 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | |||||
| CVE-2017-14401 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | |||||
| CVE-2017-14247 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | |||||
| CVE-2017-14403 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | |||||
| CVE-2017-16000 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | |||||
| CVE-2021-26201 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2021-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. | |||||
| CVE-2020-29140 | 1 Open-emr | 1 Openemr | 2021-02-22 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
