Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15971 | 1 Softdatepro | 1 Same Date Pro | 2020-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. | |||||
| CVE-2013-2745 | 2 Debian, Minidlna Project | 2 Debian Linux, Minidlna | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 | |||||
| CVE-2019-10208 | 1 Postgresql | 1 Postgresql | 2020-08-17 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. | |||||
| CVE-2020-7356 | 1 Cayintech | 1 Xpost | 2020-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. | |||||
| CVE-2020-16277 | 1 Carson-saint | 1 Saint Security Suite | 2020-08-11 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | |||||
| CVE-2020-16276 | 1 Carson-saint | 1 Saint Security Suite | 2020-08-11 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | |||||
| CVE-2008-3784 | 2 Btitracker Project, Xbtitracker Project | 2 Btitracker, Xbtitracker | 2020-08-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | |||||
| CVE-2020-16165 | 1 Springblade Project | 1 Springblade | 2020-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. | |||||
| CVE-2015-9098 | 1 Red-gate | 1 Sql Monitor | 2020-08-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges). | |||||
| CVE-2020-4328 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2020-08-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. | |||||
| CVE-2020-10983 | 1 Gambio | 1 Gambio Gx | 2020-07-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. | |||||
| CVE-2020-10982 | 1 Gambio | 1 Gambio Gx | 2020-07-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. | |||||
| CVE-2015-7714 | 1 Realtyna | 1 Realtyna Property Listing | 2020-07-30 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. | |||||
| CVE-2020-15713 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2020-15714 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2016-9488 | 1 Manageengine | 1 Applications Manager | 2020-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries. | |||||
| CVE-2017-11738 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-07-27 | 6.8 MEDIUM | 8.1 HIGH |
| In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. | |||||
| CVE-2020-15924 | 1 Midasolutions | 1 Eframework | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. | |||||
| CVE-2020-15884 | 1 Munkireport Project | 1 Munkireport | 2020-07-27 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. | |||||
| CVE-2020-3468 | 1 Cisco | 1 Sd-wan Firmware | 2020-07-23 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | |||||
