Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25514 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2021-07-21 | 4.6 MEDIUM | 8.4 HIGH |
| Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. | |||||
| CVE-2019-2195 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139186193 | |||||
| CVE-2020-25273 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | |||||
| CVE-2020-14068 | 1 Mk-auth | 1 Mk-auth | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php. | |||||
| CVE-2020-25608 | 1 Mitel | 1 Micollab | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. | |||||
| CVE-2020-6010 | 1 Thimpress | 1 Learnpress | 2021-07-19 | 6.5 MEDIUM | 8.8 HIGH |
| LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection | |||||
| CVE-2015-4724 | 1 Concretecms | 1 Concrete Cms | 2021-07-15 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Concrete5 5.7.3.1. | |||||
| CVE-2021-24337 | 1 Video-embed-box Project | 1 Video-embed-box | 2021-07-15 | 6.5 MEDIUM | 8.8 HIGH |
| The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. | |||||
| CVE-2012-2684 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. | |||||
| CVE-2013-4461 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator." | |||||
| CVE-2021-24442 | 1 Wpdevart | 1 Poll\, Survey\, Questionnaire And Voting System | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks | |||||
| CVE-2021-29730 | 1 Ibm | 1 Infosphere Information Server | 2021-07-15 | 6.5 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. | |||||
| CVE-2021-24385 | 1 Ninjateam | 1 Filebird | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user. | |||||
| CVE-2015-5641 | 1 Basercms | 1 Basercms | 2021-07-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2021-33578 | 1 Echobh | 1 Sharecare | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data. | |||||
| CVE-2020-18544 | 1 Wms Project | 1 Wms | 2021-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". | |||||
| CVE-2021-25427 | 1 Google | 1 Android | 2021-07-14 | 3.3 LOW | 6.5 MEDIUM |
| SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information | |||||
| CVE-2020-21133 | 1 Metinfo | 1 Metinfo | 2021-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | |||||
| CVE-2020-21132 | 1 Metinfo | 1 Metinfo | 2021-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. | |||||
| CVE-2020-21131 | 1 Metinfo | 1 Metinfo | 2021-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. | |||||