Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14207 | 1 Divebook Project | 1 Divebook | 2020-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. | |||||
| CVE-2020-3984 | 1 Vmware | 1 Sd-wan Orchestrator | 2020-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access. | |||||
| CVE-2020-4003 | 1 Vmware | 1 Sd-wan Orchestrator | 2020-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure. | |||||
| CVE-2020-6880 | 1 Zte | 2 Zxv10 W908, Zxv10 W908 Firmware | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. | |||||
| CVE-2020-29283 | 1 Online Doctor Appointment Booking System Php And Mysql Project | 1 Online Doctor Appointment Booking System Php And Mysql | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. | |||||
| CVE-2020-29284 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. | |||||
| CVE-2020-29285 | 1 Point Of Sales In Php\/pdo Project | 1 Point Of Sales In Php\/pdo | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. | |||||
| CVE-2020-29282 | 1 Bloodx Project | 1 Bloodx | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. | |||||
| CVE-2020-29280 | 1 Victor Cms Project | 1 Victor Cms | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. | |||||
| CVE-2020-29287 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. | |||||
| CVE-2020-28091 | 1 Cxuu | 1 Cxuucms | 2020-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | |||||
| CVE-2020-21667 | 1 Fastadmin-tp6 Project | 1 Fastadmin-tp6 | 2020-12-01 | 6.5 MEDIUM | 7.2 HIGH |
| In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. | |||||
| CVE-2020-28133 | 1 Simple Grocery Store Sales And Inventory Sales Project | 1 Simple Grocery Store Sales And Inventory System | 2020-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. | |||||
| CVE-2020-28183 | 1 Water Billing System Project | 1 Water Billing System | 2020-12-01 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. | |||||
| CVE-2013-4313 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
| Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. | |||||
| CVE-2010-1615 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. | |||||
| CVE-2012-3395 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. | |||||
| CVE-2009-4305 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | |||||
| CVE-2012-2363 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | |||||
| CVE-2020-21665 | 1 Fastadmin | 1 Fastadmin | 2020-11-30 | 6.5 MEDIUM | 7.2 HIGH |
| In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | |||||