Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8967 | 1 Gesio | 1 Erp | 2020-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. | |||||
| CVE-2013-3527 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest. | |||||
| CVE-2018-7315 | 1 Harmistechnology | 1 Ek Rishta | 2020-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. | |||||
| CVE-2014-4928 | 1 Invisioncommunity | 1 Invision Power Board | 2020-06-03 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | |||||
| CVE-2014-9239 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Invision Power Board | 2020-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | |||||
| CVE-2009-3974 | 1 Invisioncommunity | 1 Invision Power Board | 2020-06-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. | |||||
| CVE-2014-8941 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | |||||
| CVE-2020-3184 | 1 Cisco | 1 Prime Collaboration Provisioning | 2020-05-27 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. | |||||
| CVE-2020-13433 | 1 Adminpanel Project | 1 Adminpanel | 2020-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. | |||||
| CVE-2020-12034 | 1 Rockwellautomation | 5 Eds Subsystem, Rslinx, Rslinx Enterprise and 2 more | 2020-05-22 | 4.8 MEDIUM | 8.2 HIGH |
| Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. | |||||
| CVE-2017-9730 | 1 Dfsol | 1 Nuevomailer | 2020-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. | |||||
| CVE-2018-18761 | 1 Saltos | 1 Saltos | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. | |||||
| CVE-2020-13118 | 1 Mikrotik-router-monitoring-system Project | 1 Mikrotik-router-monitoring-system | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. | |||||
| CVE-2020-4345 | 1 Ibm | 1 I | 2020-05-18 | 1.9 LOW | 3.3 LOW |
| IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. | |||||
| CVE-2020-6249 | 1 Sap | 3 Master Data Governance \(s4core\), Master Data Governance \(s4fnd\), Master Data Governance \(sap Bs Fnd\) | 2020-05-15 | 6.5 MEDIUM | 8.8 HIGH |
| The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | |||||
| CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-15 | 6.5 MEDIUM | 7.2 HIGH |
| Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | |||||
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | |||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-14 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | |||||
| CVE-2020-11530 | 1 Idangero | 1 Chop Slider | 2020-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | |||||
| CVE-2020-12766 | 1 Solis | 1 Gnuteca | 2020-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | |||||