Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter.
|
|||||
| CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.
|
|||||
| CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
|
|||||
| CVE-2021-46201 | 1 Online Resort Management System Project | 1 Online Resort Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.
|
|||||
| CVE-2021-46198 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.
|
|||||
| CVE-2021-46110 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
|
|||||
| CVE-2021-46089 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
|
|||||
| CVE-2021-46061 | 1 Computer And Mobile Repair Shop Management System Project | 1 Computer And Mobile Repair Shop Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.
|
|||||
| CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.
|
|||||
| CVE-2021-45821 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
|
|||||
| CVE-2021-45814 | 1 Nettemp | 1 Nnt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
|
|||||
| CVE-2021-45811 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
|
|||||
| CVE-2021-45803 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.
|
|||||
| CVE-2021-45802 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
|
|||||
| CVE-2021-45794 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
|
|||||
| CVE-2021-45793 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
|
|||||
| CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
|
|||||
| CVE-2021-45788 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 8.8 HIGH |
|
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.
|
|||||
| CVE-2021-45435 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
|
|||||
| CVE-2021-45406 | 1 Salonerp Project | 1 Salonerp | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
|
|||||
| CVE-2021-45334 | 1 Online Thesis Archiving System Project | 1 Online Thesis Archiving System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection
|
|||||
| CVE-2021-45255 | 1 Video Sharing Website Project | 1 Video Sharing Website | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
|
|||||
| CVE-2021-45253 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
|
|||||
| CVE-2021-45252 | 1 Oretnom23 | 1 Simple Forum\/discussion System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.
|
|||||
| CVE-2021-45041 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
|
|||||
| CVE-2021-45014 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
|
|||||
| CVE-2021-44966 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
|
|||||
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
|
|||||
| CVE-2021-44874 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user.
|
|||||
| CVE-2021-44868 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
|
|||||
| CVE-2021-44866 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
|
|||||
| CVE-2021-44835 | 1 Aivhub | 1 Active Intelligence Visualization | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection.
|
|||||
| CVE-2021-44779 | 1 \[gwa\] Autoresponder Project | 1 \[gwa\] Autoresponder | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed.
|
|||||
| CVE-2021-44655 | 1 Online Pre-owned\/used Car Showroom Management System Project | 1 Online Pre-owned\/used Car Showroom Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
|
|||||
| CVE-2021-44653 | 1 Oretnom23 | 1 Online Magazine Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
|
|||||
| CVE-2021-44617 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
|
|||||
| CVE-2021-44610 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
|
|||||
| CVE-2021-44599 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.
|
|||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.
|
|||||
| CVE-2021-44581 | 1 Kreado | 1 Kreasfero | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.
|
|||||