Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27973 | 1 Piwigo | 1 Piwigo | 2021-04-30 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. | |||||
| CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2021-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | |||||
| CVE-2021-21427 | 1 Openmage | 1 Magento | 2021-04-30 | 6.5 MEDIUM | 7.2 HIGH |
| Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9. | |||||
| CVE-2021-28419 | 1 Seopanel | 1 Seo Panel | 2021-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | |||||
| CVE-2016-4999 | 1 Redhat | 3 Dashbuilder, Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2021-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | |||||
| CVE-2013-5945 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | |||||
| CVE-2020-36195 | 1 Qnap | 3 Media Streaming Add-on, Multimedia Console, Qts | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later | |||||
| CVE-2020-29472 | 1 Egavilanmedia | 1 Under Construction Page With Cpanel | 2021-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | |||||
| CVE-2020-29474 | 1 Egavilanmedia | 1 Egm Address Book | 2021-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | |||||
| CVE-2021-27672 | 1 Tribalsystems | 1 Zenario | 2021-04-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | |||||
| CVE-2021-23276 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2021-04-21 | 6.5 MEDIUM | 8.8 HIGH |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base. | |||||
| CVE-2007-5187 | 1 Php-fusion | 1 Expanded Calendar Module | 2021-04-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. | |||||
| CVE-2021-30459 | 1 Jazzband | 1 Django Debug Toolbar | 2021-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form. | |||||
| CVE-2008-5197 | 1 Php-fusion | 1 Php-fusion | 2021-04-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | |||||
| CVE-2021-28157 | 1 Devolutions | 1 Devolutions Server | 2021-04-21 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | |||||
| CVE-2017-7717 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | |||||
| CVE-2021-26830 | 1 Tribalsystems | 1 Zenario | 2021-04-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. | |||||
| CVE-2021-27130 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2021-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. | |||||
| CVE-2021-28142 | 1 Citsmart | 1 Citsmart | 2021-04-19 | 6.5 MEDIUM | 8.8 HIGH |
| CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." | |||||
| CVE-2013-5957 | 1 Civicrm | 1 Civicrm | 2021-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty. | |||||