Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-42077 | 1 Kaysongroup | 1 Php Event Calendar | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the username parameter of /server/ajax/user_manager.php. This can be used to execute SQL statements directly on the database, in some cases allowing an adversary to completely compromise the database system, and it can also be used to bypass the login form. |
| CVE-2021-42064 | 1 Sap | 1 Commerce | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | If configured to use an Oracle database, and if a query is built with the Flexible Search Java API using a parameterized "in" clause, SAP Commerce versions 1905, 2005, 2105 and 2011 allow an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values. |
| CVE-2021-41971 | 1 Apache | 1 Superset | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH | Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL. |
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A SQL injection vulnerability exists in ChurchCRM versions 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action is performed on an existing record. |
| CVE-2021-41947 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | A SQL injection vulnerability exists in Subrion CMS v4.2.1 in visual mode. |
| CVE-2021-41942 | 1 Msvod | 1 Msvod Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Magic CMS MSVOD v10 video system has a SQL injection vulnerability that attackers can use to obtain sensitive information from the database. |
| CVE-2021-41932 | 1 Wolterskluwer | 1 Teammate+ Audit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A blind SQL injection vulnerability in the search form of TeamMate+ Audit version 28.0.19.0 allows any authenticated user to inject SQL, which can result in complete database compromise, disclosure of information about other users, unauthorized access to audit data, etc. |
| CVE-2021-41931 | 1 Recruitment Management System Project | 1 Recruitment Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Company's Recruitment Management System is vulnerable to SQL injection in the id parameter of the view_vacancy page (as seen with id=2). The payloads `19424269' or '1309'='1309` and `39476597' or '2917'='2923` were each submitted in the id parameter; the two requests produced different responses, indicating that the input is incorporated into a SQL query in an unsafe way. |
| CVE-2021-41928 | 1 Try My Recipe Project | 1 Try My Recipe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23 allows attackers to execute arbitrary code via the rid parameter of the view_recipe page. |
| CVE-2021-41920 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | webTareas version 2.4 and earlier allows an unauthenticated user to perform time- and boolean-based blind SQL injection on the endpoint /includes/library.php via the sor_cible, sor_champs and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and to obtain access to the webTareas application. |
| CVE-2021-41845 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. |
| CVE-2021-41843 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM | An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the provider_id parameter, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. |
| CVE-2021-41765 | 1 Montala | 1 Resourcespace | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 before rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who obtains an admin user's session cookie can use it to execute arbitrary code on the server. |
| CVE-2021-41756 | 1 Dynamicvision | 1 Dynamicmarkt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
| CVE-2021-41755 | 1 Dynamicvision | 1 Dynamicmarkt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
| CVE-2021-41754 | 1 Dynamicvision | 1 Dynamicmarkt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
| CVE-2021-41746 | 1 Yonyou | 1 Turbocrm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use it to obtain sensitive database information. |
| CVE-2021-41695 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. |
| CVE-2021-41679 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the period parameter of /opensis/modules/grades/InputFinalGrades.php. |
| CVE-2021-41678 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the staff[TITLE] parameter of /opensis/modules/users/Staff.php. |
| CVE-2021-41677 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the Grade parameter of /opensis/functions/GetStuListFnc.php. |
| CVE-2021-41676 | 1 Pharmacy Point Of Sale System Project | 1 Pharmacy Point Of Sale System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability exists in the login function in actions.php of the oretnom23 Pharmacy Point of Sale System 1.0. |
| CVE-2021-41674 | 1 E-negosyo System Project | 1 E-negosyo System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An SQL injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. |
| CVE-2021-41672 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user who belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database. |
| CVE-2021-41662 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. |
| CVE-2021-41661 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. |
| CVE-2021-41660 | 1 Patient Appointment Scheduler System Project | 1 Patient Appointment Scheduler System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username and password fields of login.php. |
| CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerabilities exist in Wuzhicms v4.1.0, which allow attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. |
| CVE-2021-41651 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. |
| CVE-2021-41649 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the cat_id parameter of /homeaction.php; the parameter, sent in a POST request, is not sanitized. |
| CVE-2021-41648 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the prId parameter of /action.php; the parameter, sent in a POST request, is not sanitized. |
| CVE-2021-41647 | 1 Online Food Ordering Web App Project | 1 Online Food Ordering Web App | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php to retrieve sensitive database information and to add an administrative user. |
| CVE-2021-41609 | 1 Classapps | 1 Selectsurvey.net | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection. |
| CVE-2021-41511 | 1 Lodging Reservation Management System Project | 1 Lodging Reservation Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The username and password fields of the login form in Lodging Reservation Management System V1 allow SQL injection that bypasses authentication and gives access as any user. |
| CVE-2021-41492 | 1 Simple Cashiering System Project | 1 Simple Cashiering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via (1) the Product Code on the POS page in cashiering, (2) the id parameter in manage_products and (3) the t parameter in actions.php. |
| CVE-2021-41487 | 1 Nokia | 1 Vitalsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | NOKIA VitalSuite SPM 2020 is affected by SQL injection through the UserName parameter. |
| CVE-2021-41472 | 1 Simple Membership System Using Php And Ajax Project | 1 Simple Membership System Using Php And Ajax | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username and password parameters. |
| CVE-2021-41471 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the email and Password parameters. |
| CVE-2021-41460 | 1 Shopex | 1 Ecshop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | ECShop 4.1.0 has a SQL injection vulnerability that attackers can exploit to obtain sensitive information. |
| CVE-2021-41408 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and the "user" parameter. |
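Two patterns recur in the entries above: the boolean-based differential test described for CVE-2021-41931 (a true tautology and a false tautology sent to the same parameter yield different responses) and login-form injection through username/password fields (CVE-2021-41660, CVE-2021-41511, CVE-2021-41472, CVE-2021-41471 and others). The following is an added example, not code from any listed product or its vendor: it uses an in-memory SQLite database with a constructed schema in place of the apps' MySQL backends, and the `*_vulnerable` handlers are hypothetical replicas of the string-concatenation pattern these descriptions point at, shown next to the parameterized form that closes the hole. The payload strings are the two from the CVE-2021-41931 description.

```python
import sqlite3

# Added example; not code from any product in the listing. The tables, rows
# and handler names below are constructed for the demonstration.

TRUE_PAYLOAD = "19424269' or '1309'='1309"    # always-true tautology (CVE-2021-41931 text)
FALSE_PAYLOAD = "39476597' or '2917'='2923"   # always-false tautology (same entry)


def build_db():
    """Constructed in-memory database standing in for the app's MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vacancy (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO vacancy VALUES (?, ?)",
                     [(1, "Analyst"), (2, "Engineer"), (3, "Auditor")])
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def view_vacancy_vulnerable(conn, vacancy_id):
    """Hypothetical view_vacancy handler: the id parameter is spliced into the SQL text."""
    sql = f"SELECT title FROM vacancy WHERE id = '{vacancy_id}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def view_vacancy_fixed(conn, vacancy_id):
    """Same query with a bound parameter: the payload is compared as a value, never parsed as SQL."""
    rows = conn.execute("SELECT title FROM vacancy WHERE id = ? ORDER BY id", (vacancy_id,))
    return [row[0] for row in rows]


def login_vulnerable(conn, username, password):
    """Hypothetical login.php-style check built by concatenation; '--' comments out the password test."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterized check (a real app would compare a password hash; omitted here)."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def looks_injectable(handler, conn):
    """Boolean-based differential test from the CVE-2021-41931 description: if the
    true and false tautologies produce different results, the input reached the
    SQL parser; bound parameters make both requests behave identically."""
    return handler(conn, TRUE_PAYLOAD) != handler(conn, FALSE_PAYLOAD)


if __name__ == "__main__":
    db = build_db()
    print("vulnerable handler injectable:", looks_injectable(view_vacancy_vulnerable, db))  # True
    print("fixed handler injectable:", looks_injectable(view_vacancy_fixed, db))            # False
    print("login bypass (vulnerable):", login_vulnerable(db, "admin' --", "wrong"))         # admin
    print("login bypass (fixed):", login_fixed(db, "admin' --", "wrong"))                   # None
```

The differential test is the same check an auditor runs from the outside: the true payload returns every row while the false one returns none, whereas the parameterized handler returns nothing for either string because the whole payload is compared against the integer column as a single value. The login pair shows why "sanitizing" is the wrong frame for the login-field entries: binding the values removes the parser from the attacker's reach regardless of what the string contains.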