Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
|
|||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.
|
|||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
|
|||||
| CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
|
|||||
| CVE-2021-40279 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
|
|||||
| CVE-2021-40247 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.
|
|||||
| CVE-2021-40129 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL ...
Show More |
|||||
| CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0.
|
|||||
| CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.
|
|||||
| CVE-2021-3854 | 1 Glox | 1 Useroam Hotspot | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.
|
|||||
| CVE-2021-3817 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
|
|||||
| CVE-2021-3604 | 1 Primion-digitek | 1 Secure 8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.
|
|||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
|
|||||
| CVE-2021-3278 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
|
|||||
| CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.
|
|||||
| CVE-2021-3262 | 1 Trispark | 2 Novusedu, Veo Transportation | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.
|
|||||
| CVE-2021-3242 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
|
|||||
| CVE-2021-3239 | 1 E-learning System Project | 1 E-learning System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
|
|||||
| CVE-2021-3118 | 1 Medicalexpo | 1 Ecs Imaging | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2021-3110 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
|
|||||
| CVE-2021-3025 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
|
|||||
| CVE-2021-3021 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ISPConfig before 3.2.2 allows SQL injection.
|
|||||
| CVE-2021-3018 | 1 Ipeak | 1 Ipeakcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
|
|||||
| CVE-2021-39978 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues.
|
|||||
| CVE-2021-39379 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.
|
|||||
| CVE-2021-39378 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.
|
|||||
| CVE-2021-39377 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.
|
|||||
| CVE-2021-39376 | 1 Philips | 1 Tasy Electronic Medical Record | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
|
|||||
| CVE-2021-39375 | 1 Philips | 1 Tasy Electronic Medical Record | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
|
|||||
| CVE-2021-39302 | 1 Misp | 1 Misp | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
|
|||||
| CVE-2021-39179 | 1 Dhis2 | 1 Dhis 2 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects the `/api/trackedEntityInstances` and `/api/trackedEntityInstances/query` API endpoints in all DHIS2 versions 2.34, 2.35, and 2.36. It also affects versions 2.32 and 2.33 which have reached _end of supp ...
Show More |
|||||
| CVE-2021-39165 | 1 Chachethq | 1 Cachet | 2024-11-21 | 5.0 MEDIUM | 8.1 HIGH |
|
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.
|
|||||
| CVE-2021-39085 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888.
|
|||||
| CVE-2021-38840 | 1 Simple Water Refilling Station Management System Project | 1 Simple Water Refilling Station Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.
|
|||||
| CVE-2021-38833 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.
|
|||||
| CVE-2021-38754 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
|
|||||
| CVE-2021-38727 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
|
|||||
| CVE-2021-38723 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
|
|||||
| CVE-2021-38706 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.
|
|||||
| CVE-2021-38694 | 1 Softvibe | 1 Saraban | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.
|
|||||