Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-19961 | 1 Zzcms | 1 Zzcms | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | |||||
CVE-2021-40618 | 1 Os4ed | 1 Opensis | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. | |||||
CVE-2021-33736 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33735 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33734 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33732 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33733 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33731 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33730 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
CVE-2021-33729 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | |||||
CVE-2021-40543 | 1 Os4ed | 1 Opensis | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. | |||||
CVE-2021-24400 | 1 Wp-display-users Project | 1 Wp-display-users | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
CVE-2021-36621 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2021-10-18 | 6.8 MEDIUM | 8.1 HIGH |
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator. | |||||
CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2021-10-16 | 6.5 MEDIUM | 8.8 HIGH |
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. | |||||
CVE-2020-21726 | 1 Opensns | 1 Opensns | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. | |||||
CVE-2020-21725 | 1 Opensns | 1 Opensns | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. | |||||
CVE-2021-41920 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 5.0 MEDIUM | 7.5 HIGH |
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. | |||||
CVE-2021-29798 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. | |||||
CVE-2021-29903 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. | |||||
CVE-2021-25482 | 1 Google | 1 Android | 2021-10-13 | 3.6 LOW | 4.4 MEDIUM |
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. |