Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | |||||
| CVE-2020-29163 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2021-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | |||||
| CVE-2020-5427 | 1 Vmware | 1 Spring Cloud Data Flow | 2021-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | |||||
| CVE-2020-21176 | 1 Thinkjs | 1 Thinkjs | 2021-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter. | |||||
| CVE-2020-5428 | 1 Vmware | 1 Spring Cloud Task | 2021-02-03 | 6.5 MEDIUM | 6.0 MEDIUM |
| Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | |||||
| CVE-2020-35263 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution. | |||||
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | |||||
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | |||||
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | |||||
| CVE-2020-21180 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page. | |||||
| CVE-2020-21179 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page. | |||||
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2021-02-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can gain access to the Admin Panel and manage every account of Result. | |||||
| CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | |||||
| CVE-2018-7318 | 2 Belitsoft, Oracle | 2 Checklist, Data Integrator | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | |||||
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | |||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
| CVE-2020-23262 | 1 Mingsoft | 1 Mcms | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. | |||||
| CVE-2021-22847 | 1 Hyweb | 1 Hycms-j1 | 2021-01-28 | 6.5 MEDIUM | 8.8 HIGH |
| Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege. | |||||
| CVE-2021-1222 | 1 Cisco | 1 Smart Software Manager On-prem | 2021-01-28 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | |||||
| CVE-2021-1225 | 1 Cisco | 1 Sd-wan Vmanage | 2021-01-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | |||||
