Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27481 | 1 Goodlayers | 1 Good Learning Management System | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. | |||||
| CVE-2020-4647 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2020-4655 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. | |||||
| CVE-2020-28138 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. | |||||
| CVE-2020-13769 | 1 Ivanti | 1 Endpoint Manager | 2020-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | |||||
| CVE-2020-5659 | 1 Riken | 1 Xoonips | 2020-11-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-26805 | 1 Sapplica | 1 Sentrifugo | 2020-11-17 | 6.5 MEDIUM | 7.2 HIGH |
| In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database. | |||||
| CVE-2011-2688 | 3 Apache, Debian, Mod Authnz External Project | 3 Http Server, Debian Linux, Mod Authnz External | 2020-11-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field. | |||||
| CVE-2020-24400 | 1 Magento | 1 Magento | 2020-11-12 | 5.5 MEDIUM | 7.1 HIGH |
| Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database. | |||||
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2020-11-10 | 6.5 MEDIUM | 8.8 HIGH |
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | |||||
| CVE-2020-28115 | 1 Web-audimex | 1 Audimexee | 2020-11-10 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | |||||
| CVE-2018-19952 | 1 Qnap | 2 Music Station, Qts | 2020-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | |||||
| CVE-2020-7759 | 1 Pimcore | 1 Pimcore | 2020-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}] | |||||
| CVE-2020-27995 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | |||||
| CVE-2020-25034 | 1 Fireeye | 2 Email Malware Protection System, Ex 3500 | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature. | |||||
| CVE-2020-5651 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2020-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. | |||||
| CVE-2020-23945 | 1 Victor Cms Project | 1 Victor Cms | 2020-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. | |||||
| CVE-2016-3046 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more | 2020-10-27 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. | |||||
| CVE-2020-26944 | 2 Aptean, Microsoft | 2 Product Configurator, Windows | 2020-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. | |||||
| CVE-2020-27615 | 1 Loginizer | 1 Loginizer | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. | |||||