Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36540 | 1 Neetai | 1 Neetai Tech | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
| CVE-2020-36539 | 1 Logicoycreativo | 1 Logico Y Creativo | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely.
| CVE-2020-36538 | 1 Etan | 1 Etan Cms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection. The attack can be launched remotely.
| CVE-2020-36537 | 1 Everywhere | 1 Everywhere Cms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely.
| CVE-2020-36536 | 1 Brandbugle | 1 Brandbugle | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to SQL injection. The attack may be launched remotely.
| CVE-2020-36535 | 1 Minmax | 1 Minmax | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely.
| CVE-2020-36530 | 1 Ibm | 1 Sevone Network Performance Management | 2024-11-21 | 6.0 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to SQL injection. The attack can be initiated remotely.
| CVE-2020-36195 | 1 Qnap | 3 Media Streaming Add-on, Multimedia Console, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later; QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later; QTS 4.4.x and later: Multimedia Console 1.3.4 and la ...
| CVE-2020-36136 | 1 Cskaza | 1 Cszcms | 2024-11-21 | N/A | 7.5 HIGH |
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.
| CVE-2020-36112 | 1 Cse Bookstore Project | 1 Cse Bookstore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.
| CVE-2020-36034 | 1 School Faculty Scheduling System Project | 1 School Faculty Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via crafted payload to id parameter in manage_user.php.
| CVE-2020-36033 | 1 Water Billing System Project | 1 Water Billing System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.
| CVE-2020-36004 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information.
| CVE-2020-36003 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
| CVE-2020-36002 | 1 Seat-reservation-system Project | 1 Seat-reservation-system | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.
| CVE-2020-35848 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
| CVE-2020-35847 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
| CVE-2020-35846 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
| CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
| CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
| CVE-2020-35700 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | N/A | 9.8 CRITICAL |
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own ...
| CVE-2020-35666 | 1 Steedos | 1 Steedos | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
| CVE-2020-35613 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
| CVE-2020-35597 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
| CVE-2020-35545 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
| CVE-2020-35441 | 1 Fangfa | 1 Fdcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php.
| CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
| CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
| CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
| CVE-2020-35378 | 1 Online Bus Ticket Reservation Project | 1 Online Bus Ticket Reservation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
| CVE-2020-35337 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
| CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '.
| CVE-2020-35327 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php.
| CVE-2020-35276 | 1 Egavilanmedia | 1 Ecm Address Book | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result.
| CVE-2020-35263 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.