Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30176 | 1 Zerof | 1 Expert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint.
|
|||||
| CVE-2021-30175 | 1 Zerof | 1 Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
|
|||||
| CVE-2021-30117 | 1 Kaseya | 1 Vsa | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
|
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, de ...
Show More |
|||||
| CVE-2021-30081 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
|
|||||
| CVE-2021-30055 | 1 Eng | 1 Knowage | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
|
|||||
| CVE-2021-30000 | 1 Latrix Project | 1 Latrix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
|
|||||
| CVE-2021-29903 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.
|
|||||
| CVE-2021-29798 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.
|
|||||
| CVE-2021-29730 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.
|
|||||
| CVE-2021-29378 | 1 Pearadmin | 1 Pear Admin Think | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
|
|||||
| CVE-2021-29350 | 1 Shipment 100-design Material Download System Project | 1 Shipment 100-design Material Download System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
|
|||||
| CVE-2021-29343 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
|
|||||
| CVE-2021-29114 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
|
|||||
| CVE-2021-29099 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.
|
|||||
| CVE-2021-29090 | 1 Synology | 1 Photo Station | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
|
|||||
| CVE-2021-29089 | 1 Synology | 1 Photo Station | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2021-29053 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.
|
|||||
| CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
|
|||||
| CVE-2021-28993 | 1 Plixer | 1 Scrutinizer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote).
|
|||||
| CVE-2021-28970 | 1 Fireeye | 2 Email Malware Protection System, Ex 3500 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.
|
|||||
| CVE-2021-28969 | 1 Fireeye | 2 Email Malware Protection System, Ex 3500 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
|
|||||
| CVE-2021-28925 | 1 Nagios | 1 Network Analyzer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
|
|||||
| CVE-2021-28890 | 1 J2eefast | 1 J2eefast | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.
|
|||||
| CVE-2021-28828 | 1 Tibco | 1 Administrator | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
|
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with n ...
Show More |
|||||
| CVE-2021-28668 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
|
|||||
| CVE-2021-28419 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
|
|||||
| CVE-2021-28381 | 1 Vhs Project | 1 Vhs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
|
|||||
| CVE-2021-28295 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.
|
|||||
| CVE-2021-28245 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
|
|||||
| CVE-2021-28242 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
|
|||||
| CVE-2021-28157 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
|
|||||
| CVE-2021-28142 | 1 Citsmart | 1 Citsmart | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
|
|||||
| CVE-2021-28053 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
|
|||||
| CVE-2021-28022 | 1 Servicetonic | 1 Servicetonic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
|
|||||
| CVE-2021-27999 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
|
|||||
| CVE-2021-27973 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
|
|||||
| CVE-2021-27950 | 1 Sitasoftware | 1 Azurcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
|
|||||
| CVE-2021-27948 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
|
|||||
| CVE-2021-27947 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
|
|||||
| CVE-2021-27946 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
|
|||||