Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-24841 | 1 Sdg | 1 Pnpscada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. |
| CVE-2020-24791 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. |
| CVE-2020-24770 | 1 Nexusphp | 1 Nexusphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2020-24769 | 1 Nexusphp | 1 Nexusphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. |
| CVE-2020-24673 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. |
| CVE-2020-24671 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. |
| CVE-2020-24667 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. |
| CVE-2020-24623 | 1 Hpe | 1 Universal Api Framework | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM | A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). |
| CVE-2020-24617 | 1 Mailtrain | 1 Mailtrain | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH | Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. |
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. |
| CVE-2020-24569 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information. |
| CVE-2020-24568 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. |
| CVE-2020-24400 | 1 Magento | 1 Magento | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH | Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database. |
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database. |
| CVE-2020-24208 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. |
| CVE-2020-24197 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. |
| CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to execute authentication bypass with SQL injection via the email parameter. |
| CVE-2020-24000 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. |
| CVE-2020-23980 | 1 Designmasterevents | 1 Conference Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. |
| CVE-2020-23979 | 1 13enforme | 1 13enforme Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. |
| CVE-2020-23978 | 1 Soluzioneglobale | 1 Ecommerce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter "offerta.php" |
| CVE-2020-23976 | 1 Webexcels | 1 Ecommerce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. |
| CVE-2020-23973 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. |
| CVE-2020-23945 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. |
| CVE-2020-23936 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". |
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. |
| CVE-2020-23763 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. |
| CVE-2020-23711 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. |
| CVE-2020-23685 | 1 Vtimecn | 1 188jianzhan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. |
| CVE-2020-23630 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). |
| CVE-2020-23282 | 1 Mv | 1 Mconnect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information. |
| CVE-2020-23262 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. |
| CVE-2020-23150 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. |
| CVE-2020-23149 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. |
| CVE-2020-23045 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. |
| CVE-2020-22807 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. |
| CVE-2020-22781 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). |
| CVE-2020-22425 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. |
| CVE-2020-22226 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. |
| CVE-2020-22225 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. |