Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2021-09-01 | 6.5 MEDIUM | 7.2 HIGH | SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php.
CVE-2021-39376 | 1 Philips | 1 Tasy Electronic Medical Record | 2021-08-31 | 6.5 MEDIUM | 8.8 HIGH | Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
CVE-2021-37538 | 1 Smartdatasoft | 1 Smartblog | 2021-08-31 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
CVE-2021-36385 | 1 Cerner | 1 Mobile Care | 2021-08-31 | 10.0 HIGH | 9.8 CRITICAL | A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.
CVE-2021-24557 | 1 Nimble3 | 1 M-vslider | 2021-08-30 | 6.5 MEDIUM | 7.2 HIGH | The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in a SQL query, therefore leading to SQL injection for users having the Administrator role.
CVE-2021-24497 | 1 Satollo | 1 Giveaway | 2021-08-30 | 6.5 MEDIUM | 7.2 HIGH | The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.
CVE-2021-36748 | 1 Prestahome | 1 Blog | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH | A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.
CVE-2021-37358 | 1 Seacms | 1 Seacms | 2021-08-28 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
CVE-2020-20675 | 1 Nuishop | 1 Nuishop | 2021-08-27 | 7.5 HIGH | 9.8 CRITICAL | Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/.
CVE-2020-18477 | 1 Hucart | 1 Hucart | 2021-08-27 | 6.5 MEDIUM | 8.8 HIGH | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
CVE-2020-18476 | 1 Hucart | 1 Hucart | 2021-08-27 | 6.5 MEDIUM | 8.8 HIGH | SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
CVE-2021-24550 | 1 Broken Link Manager Project | 1 Broken Link Manager | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH | The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving a URL to edit, leading to an authenticated SQL injection issue.
CVE-2021-24551 | 1 Edit Comments Project | 1 Edit Comments | 2021-08-26 | 7.5 HIGH | 9.8 CRITICAL | The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue.
CVE-2021-24552 | 1 Simple Events Calendar Project | 1 Simple Events Calendar | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH | The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue.
CVE-2021-24553 | 1 Timeline Calendar Project | 1 Timeline Calendar | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH | The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin.
CVE-2021-24506 | 1 Quantumcloud | 1 Slider Hero | 2021-08-26 | 6.5 MEDIUM | 8.8 HIGH | The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.
CVE-2020-18164 | 1 Tp-shop | 1 Tp-shop | 2021-08-25 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.
CVE-2020-18746 | 1 Aitecms | 1 Aitecms | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH | SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".
CVE-2020-22122 | 1 Find A Place Ljcms Project | 1 Find A Place Ljcms | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
CVE-2020-18877 | 1 Wuzhicms | 1 Wuzhicms | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH | SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.