Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25751 | 1 Corephp | 1 Pago Commerce | 2020-09-24 | 6.5 MEDIUM | 8.8 HIGH |
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | |||||
CVE-2020-0344 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-140729887 | |||||
CVE-2020-0352 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132074310 | |||||
CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||||
CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2020-09-16 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | |||||
CVE-2020-13127 | 1 Loway | 1 Queuemetrics | 2020-09-15 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. | |||||
CVE-2020-24197 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-15 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication with SQL injection via the email parameter. | |||||
CVE-2018-13792 | 1 Abbyy | 1 Flexicapture | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | |||||
CVE-2020-20625 | 1 Slicedinvoices | 1 Sliced Invoices | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. | |||||
CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2020-09-04 | 6.5 MEDIUM | 8.8 HIGH |
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | |||||
CVE-2020-25004 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
Heybbs v1.2 has a SQL injection vulnerability in the user.php file via the ID parameter, which may allow a remote attacker to execute arbitrary code. | |||||
CVE-2020-25005 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
Heybbs v1.2 has a SQL injection vulnerability in the msg.php file via the ID parameter, which may allow a remote attacker to execute arbitrary code. | |||||
CVE-2020-25006 | 1 Heybbs Project | 1 Heybbs | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
Heybbs v1.2 has a SQL injection vulnerability in the login.php file via the username parameter, which may allow a remote attacker to execute arbitrary code. | |||||
CVE-2020-14972 | 1 Pisay Online E-learning System Project | 1 Pisay Online E-learning System | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. | |||||
CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | |||||
CVE-2020-6637 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | |||||
CVE-2020-13380 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
openSIS before 7.4 allows SQL Injection. | |||||
CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||||
CVE-2020-23973 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. |