Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46017 | 1 Code-projects | 1 Blood Bank | 2023-11-16 | N/A | 5.5 MEDIUM |
| SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. | |||||
| CVE-2021-43609 | 1 Spiceworks | 1 Help Desk Server | 2023-11-16 | N/A | 8.8 HIGH |
| An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. | |||||
| CVE-2021-4088 | 1 Mcafee | 1 Data Loss Prevention | 2023-11-15 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. | |||||
| CVE-2022-0842 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 4.0 MEDIUM | 4.9 MEDIUM |
| A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. | |||||
| CVE-2022-1258 | 1 Mcafee | 1 Agent | 2023-11-15 | 6.0 MEDIUM | 7.2 HIGH |
| A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | |||||
| CVE-2021-31849 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-15 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. | |||||
| CVE-2020-5307 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. | |||||
| CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2023-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | |||||
| CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 7.2 HIGH |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | |||||
| CVE-2021-26762 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2021-26765 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | |||||
| CVE-2021-26764 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | |||||
| CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
| CVE-2020-35151 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection. | |||||
| CVE-2021-26822 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | |||||
| CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php. | |||||
| CVE-2023-42284 | 1 Tyk | 1 Tyk | 2023-11-14 | N/A | 9.8 CRITICAL |
| Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | |||||
| CVE-2020-25487 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.6 MEDIUM | 7.8 HIGH |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | |||||
| CVE-2022-27992 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | |||||
| CVE-2022-2803 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability. | |||||
