Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24361 | 1 Ayecode | 1 Location Manager | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. | |||||
CVE-2020-20469 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php file failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information. | |||||
CVE-2020-20473 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, and default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information. | |||||
CVE-2020-20474 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php file failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information. | |||||
CVE-2021-24341 | 1 Xllentech | 1 English Islamic Calendar | 2021-06-23 | 6.5 MEDIUM | 8.8 HIGH |
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. | |||||
CVE-2021-23230 | 1 Gallagher | 1 Command Centre | 2021-06-22 | 3.5 LOW | 4.3 MEDIUM |
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. | |||||
CVE-2021-32582 | 1 Connectwise | 1 Connectwise Automate | 2021-06-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses. | |||||
CVE-2021-33894 | 1 Progress | 1 Moveit Transfer | 2021-06-22 | 6.5 MEDIUM | 8.8 HIGH |
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements. | |||||
CVE-2020-29214 | 1 Alumni Management System Project | 1 Alumni Management System | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject a SQL payload to bypass authentication via admin/login.php. | |||||
CVE-2021-32932 | 1 Advantech | 1 Iview | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | |||||
CVE-2020-22203 | 1 Phpcms | 1 Phpcms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. | |||||
CVE-2021-24345 | 1 Sendit Project | 1 Sendit | 2021-06-21 | 6.0 MEDIUM | 6.6 MEDIUM |
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the id_lista POST parameter before using it in a SQL statement, therefore leading to Blind SQL Injection. | |||||
CVE-2020-22198 | 1 Dedecms | 1 Dedecms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. | |||||
CVE-2020-22205 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. | |||||
CVE-2020-22206 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. | |||||
CVE-2020-22204 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. | |||||
CVE-2020-22208 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. | |||||
CVE-2020-22209 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. | |||||
CVE-2020-22211 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. | |||||
CVE-2020-22210 | 1 74cms | 1 74cms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. |