Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19217 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
|
|||||
| CVE-2020-19216 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
|
|||||
| CVE-2020-19215 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
|
|||||
| CVE-2020-19213 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
|
|||||
| CVE-2020-19212 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
|
|||||
| CVE-2020-19165 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
|
|||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19109 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19108 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19107 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-18913 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.
|
|||||
| CVE-2020-18877 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
|
|||||
| CVE-2020-18746 | 1 Aitecms | 1 Aitecms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".
|
|||||
| CVE-2020-18717 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
|
|||||
| CVE-2020-18716 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
|
|||||
| CVE-2020-18714 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
|
|||||
| CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
|
|||||
| CVE-2020-18667 | 1 Webport | 1 Webport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.
|
|||||
| CVE-2020-18662 | 1 Sir | 1 Gnuboard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
|
|||||
| CVE-2020-18544 | 1 Wms Project | 1 Wms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
|
|||||
| CVE-2020-18477 | 1 Hucart | 1 Hucart | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
|
|||||
| CVE-2020-18476 | 1 Hucart | 1 Hucart | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
|
|||||
| CVE-2020-18263 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.
|
|||||
| CVE-2020-18262 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
|
|||||
| CVE-2020-18215 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-18175 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
|
|||||
| CVE-2020-18164 | 1 Tp-shop | 1 Tp-shop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.
|
|||||
| CVE-2020-18155 | 1 Intelliants | 1 Subrion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
|
|||||
| CVE-2020-18144 | 1 Ectouch | 1 Ectouch | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php.
|
|||||
| CVE-2020-18116 | 1 Youdiancms | 1 Youdiancms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection.
|
|||||
| CVE-2020-18106 | 1 Wms Project | 1 Wms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
|
|||||
| CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
|
|||||
| CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
|
|||||
| CVE-2020-18019 | 1 Xinfu | 1 Oa System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.
|
|||||
| CVE-2020-18013 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.
|
|||||
| CVE-2020-17506 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
|
|||||
| CVE-2020-17373 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
|
|||||
| CVE-2020-16629 | 1 Phpok | 1 Phpok | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
|
|||||