Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-42169 | 1 Simple Payroll System With Dynamic Tax Bracket Project | 1 Simple Payroll System With Dynamic Tax Bracket | 2021-12-03 | 7.5 HIGH | 9.8 CRITICAL | The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable to a remote SQL injection authentication bypass for the admin account. The username parameter of the login form is not protected correctly; there is no validation or escaping of malicious payloads. |
CVE-2019-7164 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2021-12-03 | 7.5 HIGH | 9.8 CRITICAL | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL injection via the order_by parameter. |
CVE-2021-43679 | 1 Shopex | 1 Ecshop | 2021-12-03 | 7.5 HIGH | 9.8 CRITICAL | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. |
CVE-2021-36328 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 6.5 MEDIUM | 8.8 HIGH | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL injection vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands, perform unauthorized actions and retrieve sensitive information from the database. |
CVE-2021-41511 | 1 Lodging Reservation Management System Project | 1 Lodging Reservation Management System | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL | The username and password fields of the login form in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. |
CVE-2021-42666 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2021-11-30 | 6.5 MEDIUM | 8.8 HIGH | A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and, in some cases, gain remote code execution on the web server. |
CVE-2021-41947 | 1 Intelliants | 1 Subrion Cms | 2021-11-30 | 6.5 MEDIUM | 7.2 HIGH | A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. |
CVE-2019-7548 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2021-11-30 | 6.8 MEDIUM | 7.8 HIGH | SQLAlchemy 1.2.17 has SQL injection when the group_by parameter can be controlled. |
CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2021-11-30 | 6.5 MEDIUM | 8.8 HIGH | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. |
CVE-2021-41678 | 1 Os4ed | 1 Opensis | 2021-11-30 | 6.8 MEDIUM | 9.8 CRITICAL | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue SQL commands through the /opensis/modules/users/Staff.php staff{TITLE] parameter. |
CVE-2021-41679 | 1 Os4ed | 1 Opensis | 2021-11-30 | 6.8 MEDIUM | 9.8 CRITICAL | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue SQL commands through the /opensis/modules/grades/InputFinalGrades.php period parameter. |
CVE-2021-41677 | 1 Os4ed | 1 Opensis | 2021-11-30 | 6.8 MEDIUM | 9.8 CRITICAL | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue SQL commands through the /opensis/functions/GetStuListFnc.php &Grade= parameter. |
CVE-2021-44427 | 1 Rosariosis | 1 Rosariosis | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL | An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. |
CVE-2021-24889 | 1 Ninjaforms | 1 Ninja Forms | 2021-11-29 | 6.5 MEDIUM | 7.2 HIGH | The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high-privilege users to perform SQL injection attacks. |
CVE-2021-24860 | 1 Bannersky | 1 Bsk Pdf Manager | 2021-11-29 | 6.5 MEDIUM | 7.2 HIGH | The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue. |
CVE-2021-24755 | 1 Mycred | 1 Mycred | 2021-11-29 | 6.5 MEDIUM | 8.8 HIGH | The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user. |
CVE-2021-24748 | 1 Mandsconsulting | 1 Email Before Download | 2021-11-29 | 6.5 MEDIUM | 8.8 HIGH | The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues. |
CVE-2021-42667 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2021-11-28 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability to manipulate the SQL query performed. As a result, they can extract sensitive data from the web server and, in some cases, gain remote code execution on the web server. |
CVE-2021-38840 | 1 Simple Water Refilling Station Management System Project | 1 Simple Water Refilling Station Management System | 2021-11-28 | 7.5 HIGH | 9.8 CRITICAL | SQL injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. |
CVE-2021-38727 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-11-28 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.5.0 allows SQL injection via the 'col' parameter in /fuel/index.php/fuel/logs/items. |