Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6249 | 1 Sap | 3 Master Data Governance \(s4core\), Master Data Governance \(s4fnd\), Master Data Governance \(sap Bs Fnd\) | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.
|
|||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
|
|||||
| CVE-2020-6145 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6141 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6139 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6138 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6137 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6136 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6135 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6134 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6133 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6132 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6131 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
|
|||||
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
|
|||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
|
|||||
| CVE-2020-6128 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6127 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6126 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
|
|||||
| CVE-2020-6125 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6124 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6123 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6122 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6121 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6120 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6119 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6118 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6117 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6114 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-6010 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
|
|||||
| CVE-2020-6009 | 1 Learndash | 1 Learndash | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
|
|||||
| CVE-2020-5920 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack.
|
|||||
| CVE-2020-5841 | 1 Opservices | 1 Opmon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.
|
|||||
| CVE-2020-5768 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.
|
|||||
| CVE-2020-5766 | 1 Srs Simple Hits Counter Project | 1 Srs Simple Hits Counter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
|
|||||
| CVE-2020-5726 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
|
|||||
| CVE-2020-5725 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
|
|||||
| CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
|
|||||
| CVE-2020-5659 | 1 Riken | 1 Xoonips | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2020-5651 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
|
|||||