Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25762 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2020-10-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. | |||||
| CVE-2019-7316 | 1 Css-tricks | 1 Chat2 | 2020-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability. | |||||
| CVE-2020-26525 | 1 Damstratechnology | 1 Smart Asset | 2020-10-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. | |||||
| CVE-2020-25990 | 1 Websitebaker | 1 Websitebaker | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-20800 | 1 Metinfo | 1 Metinfo | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. | |||||
| CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | |||||
| CVE-2020-12870 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | |||||
| CVE-2020-15394 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | |||||
| CVE-2020-24623 | 1 Hpe | 1 Universal Api Framework | 2020-09-30 | 3.3 LOW | 6.5 MEDIUM |
| A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). | |||||
| CVE-2017-17110 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | |||||
| CVE-2020-25147 | 1 Observium | 1 Observium | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php. | |||||
| CVE-2020-25143 | 1 Observium | 1 Observium | 2020-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php. | |||||
| CVE-2020-25132 | 1 Observium | 1 Observium | 2020-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php. | |||||
| CVE-2020-25130 | 1 Observium | 1 Observium | 2020-09-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field. | |||||
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | |||||
| CVE-2017-17643 | 1 Lynda Clone Project | 1 Lynda Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | |||||
| CVE-2017-17587 | 1 Indiamart Clone Project | 1 Indiamart Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. | |||||
| CVE-2017-17588 | 1 Imdb Clone Project | 1 Imdb Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. | |||||
| CVE-2017-17586 | 1 Olx Clone Project | 1 Olx Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. | |||||
| CVE-2017-17583 | 1 Shutterstock Clone Project | 1 Shutterstock Clone | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. | |||||