Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26578 | 1 Hpe | 1 Network Orchestrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. | | | | | |
| CVE-2021-26232 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php. | | | | | |
| CVE-2021-26231 | 1 Fantastic Blog Cms Project | 1 Fantastic Blog Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php. | | | | | |
| CVE-2021-26229 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. | | | | | |
| CVE-2021-26228 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. | | | | | |
| CVE-2021-26226 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. | | | | | |
| CVE-2021-26223 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php. | | | | | |
| CVE-2021-26201 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. | | | | | |
| CVE-2021-26200 | 1 Library System Project | 1 Library System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. | | | | | |
| CVE-2021-26114 | 1 Fortinet | 1 Fortiwan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | | | | | |
| CVE-2021-25899 | 1 Void | 1 Aurall Rec Monitor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1. | | | | | |
| CVE-2021-25874 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes. | | | | | |
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | | | | | |
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | | | | | |
| CVE-2021-25482 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 5.9 MEDIUM |
| SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow an untrusted application to overwrite some CMFA framework information. | | | | | |
| CVE-2021-25427 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information. | | | | | |
| CVE-2021-25213 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | | | | | |
| CVE-2021-25212 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. | | | | | |
| CVE-2021-25209 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php. | | | | | |
| CVE-2021-25205 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php. | | | | | |
| CVE-2021-25202 | 1 Sales And Inventory System Project | 1 Sales And Inventory System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | | | | | |
| CVE-2021-25201 | 1 Learning Management System Project | 1 Learning Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. | | | | | |
| CVE-2021-25153 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | | | | | |
| CVE-2021-25114 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection. | | | | | |
| CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link. | | | | | |
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting. | | | | | |
| CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue. | | | | | |
| CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard. | | | | | |
| CVE-2021-25064 | 1 Wow-company | 1 Wow Countdowns | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | | | | | |
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | | | | | |
| CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue. | | | | | |
| CVE-2021-25037 | 1 Aioseo | 1 All In One Seo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). | | | | | |
| CVE-2021-25030 | 1 E-dynamics | 1 Events Made Easy | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks. | | | | | |
| CVE-2021-25023 | 1 Optimocha | 1 Speed Booster Pack | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection. | | | | | |
| CVE-2021-25007 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using it in a SQL statement, leading to an SQL Injection. | | | | | |
| CVE-2021-24959 | 1 Techspawn | 1 Wp-email-users | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. | | | | | |
| CVE-2021-24957 | 1 Advanced Page Visit Counter Project | 1 Advanced Page Visit Counter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection. | | | | | |
| CVE-2021-24951 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL injection issues. | | | | | |
| CVE-2021-24949 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. | | | | | |
| CVE-2021-24946 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. | | | | | |