Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21132 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
|
|||||
| CVE-2020-21131 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
|
|||||
| CVE-2020-21127 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
|
|||||
| CVE-2020-21121 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
|
|||||
| CVE-2020-21013 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
|
|||||
| CVE-2020-21012 | 1 Hotel And Lodge Booking Management System Project | 1 Hotel And Lodge Booking Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
|
|||||
| CVE-2020-20981 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
|
|||||
| CVE-2020-20975 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
|
|||||
| CVE-2020-20800 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
|
|||||
| CVE-2020-20797 | 1 Flamecms Project | 1 Flamecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
|
|||||
| CVE-2020-20796 | 1 Flamecms Project | 1 Flamecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
|
|||||
| CVE-2020-20692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
|
|||||
| CVE-2020-20675 | 1 Nuishop | 1 Nuishop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/.
|
|||||
| CVE-2020-20625 | 1 Slicedinvoices | 1 Sliced Invoices | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
|
|||||
| CVE-2020-20585 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
|
|||||
| CVE-2020-20583 | 1 8cms | 1 Ljcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.
|
|||||
| CVE-2020-20474 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
|
|||||
| CVE-2020-20473 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
|
|||||
| CVE-2020-20469 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.
|
|||||
| CVE-2020-20392 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
|
|||||
| CVE-2020-20340 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
|
|||||
| CVE-2020-20300 | 1 Weiphp | 1 Weiphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
|
|||||
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
|
|||||
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
|
|||||
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
|
|||||
| CVE-2020-20289 | 1 Yccms | 1 Yccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.
|
|||||
| CVE-2020-20189 | 1 Newpk Project | 1 Newpk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php.
|
|||||
| CVE-2020-20120 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
|
|||||
| CVE-2020-1937 | 1 Apache | 1 Kylin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
|
|||||
| CVE-2020-19961 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
|
|||||
| CVE-2020-19960 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
|
|||||
| CVE-2020-19959 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
|
|||||
| CVE-2020-19957 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
|
|||||
| CVE-2020-19853 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
|
|||||
| CVE-2020-19821 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter.
|
|||||
| CVE-2020-19705 | 1 Thinkphp-zcms Project | 1 Thinkphp-zcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.
|
|||||
| CVE-2020-19455 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
|
|||||
| CVE-2020-19451 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
|
|||||
| CVE-2020-19450 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.
|
|||||
| CVE-2020-19447 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
|
|||||