Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8554 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. | |||||
CVE-2014-1608 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2021-01-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request. | |||||
CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2021-01-07 | 6.5 MEDIUM | 7.6 HIGH |
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | |||||
CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2021-01-07 | 6.5 MEDIUM | 7.6 HIGH |
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | |||||
CVE-2020-36112 | 1 Cse Bookstore Project | 1 Cse Bookstore | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. | |||||
CVE-2021-3018 | 1 Ipeak | 1 Ipeakcms | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page. | |||||
CVE-2021-3021 | 1 Ispconfig | 1 Ispconfig | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
ISPConfig before 3.2.2 allows SQL injection. | |||||
CVE-2020-29437 | 1 Orangehrm | 1 Orangehrm | 2021-01-07 | 5.5 MEDIUM | 8.1 HIGH |
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint. | |||||
CVE-2020-28413 | 1 Mantisbt | 1 Mantisbt | 2021-01-05 | 4.0 MEDIUM | 6.5 MEDIUM |
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. | |||||
CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | |||||
CVE-2020-29228 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2021-01-04 | 5.0 MEDIUM | 7.5 HIGH |
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. | |||||
CVE-2020-27848 | 1 Dotcms | 1 Dotcms | 2021-01-04 | 6.5 MEDIUM | 8.8 HIGH |
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability. | |||||
CVE-2020-35613 | 1 Joomla | 1 Joomla! | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | |||||
CVE-2020-35242 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. | |||||
CVE-2020-35243 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | |||||
CVE-2020-35244 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | |||||
CVE-2020-35245 | 1 Flamingo Project | 1 Flamingo | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. | |||||
CVE-2020-35708 | 1 Phplist | 1 Phplist | 2020-12-28 | 6.5 MEDIUM | 7.2 HIGH |
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||
CVE-2008-4080 | 1 Stash | 1 Stash | 2020-12-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information. |