Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29143 | 1 Open-emr | 1 Openemr | 2021-02-22 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
| CVE-2021-26200 | 1 Library System Project | 1 Library System | 2021-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. | |||||
| CVE-2020-29139 | 1 Open-emr | 1 Openemr | 2021-02-22 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | |||||
| CVE-2021-27234 | 1 Mutare | 1 Voice | 2021-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. | |||||
| CVE-2020-24841 | 1 Sdg | 1 Pnpscada | 2021-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-29142 | 1 Open-emr | 1 Openemr | 2021-02-18 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings. | |||||
| CVE-2020-36003 | 1 Online Book Store Project | 1 Online Book Store | 2021-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. | |||||
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-02-17 | 6.5 MEDIUM | 8.8 HIGH |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | |||||
| CVE-2021-26751 | 1 Nedi | 1 Nedi | 2021-02-14 | 4.0 MEDIUM | 8.8 HIGH |
| NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application. | |||||
| CVE-2020-18215 | 1 Phpshe | 1 Phpshe | 2021-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2021-22658 | 1 Advantech | 1 Iview | 2021-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | |||||
| CVE-2021-22654 | 1 Advantech | 1 Iview | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2020-26051 | 1 College Management System Project | 1 College Management System | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | |||||
| CVE-2020-16629 | 1 Phpok | 1 Phpok | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | |||||
| CVE-2020-35700 | 1 Librenms | 1 Librenms | 2021-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | |||||
| CVE-2021-26754 | 1 Wpdatatables | 1 Wpdatatables | 2021-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. | |||||
| CVE-2020-18717 | 1 Zzzcms | 1 Zzzphp | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | |||||
| CVE-2021-20016 | 1 Sonicwall | 11 Sma 100, Sma 100 Firmware, Sma 200 and 8 more | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. | |||||
| CVE-2020-18716 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | |||||
| CVE-2020-18714 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. | |||||