Total: 18012 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-10802 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. |
| CVE-2020-10623 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10617 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10582 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection in the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. |
| CVE-2020-10563 | 1 Devome | 1 Grr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. |
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in snippets.inc.php. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. |
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in devices.inc.php. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. |
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in compliancepolicyelements.inc.php. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. |
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in compliancepolicies.inc.php. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. |
| CVE-2020-10512 | 1 Hgiga | 1 Oaklouds Ccm@il | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL Injection vulnerability which allows attackers to inject SQL commands via the URL parameter and execute unauthorized commands. |
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL Injection vulnerability; an attacker can use a union-based injection query string to obtain the database schema and usernames/passwords. |
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. |
| CVE-2020-10380 | 1 R-consortium | 1 Rmysql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | RMySQL through 0.10.19 allows SQL Injection. |
| CVE-2020-10365 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list can be filtered by modifying some of the parameters. Some of them are not properly sanitized, which allows an authenticated attacker to perform arbitrary queries against the database. |
| CVE-2020-10243 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. |
| CVE-2020-10230 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. |
| CVE-2020-10220 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. |
| CVE-2020-10218 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. |
| CVE-2020-10190 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. |
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. |
| CVE-2020-10106 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt. |
| CVE-2020-0352 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132074310 |
| CVE-2020-0344 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-140729887 |
| CVE-2020-0060 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM | In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143229845 |
| CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input is not validated and queries are not written in a way that prevents SQL injection. Therefore arbitrary SQL statements can be executed against the database. |
| CVE-2019-9885 | 1 Eclass | 1 Eclass Ip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL commands via the /admin/academic/studenview_left.php StudentID parameter. |
| CVE-2019-9846 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH | RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. |
| CVE-2019-9762 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php via the id parameter. The vulnerability does not require any authentication. |
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. |
| CVE-2019-9693 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). |
| CVE-2019-9626 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | PHPSHE 1.7 allows SQL Injection via the module/index/cart.php pintuan_id parameter, reached through index.php. |
| CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in OFCMS before 1.1.3. It allows SQL injection via the admin/system/generate/create?sql= parameter, related to SystemGenerateController.java. |
| CVE-2019-9594 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. |
| CVE-2019-9568 | 1 Incsub | 1 Forminator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. |
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. |
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. |
| CVE-2019-9184 | 1 J2store | 1 J2store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. |
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and a malicious user id. |
| CVE-2019-9087 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. |
| CVE-2019-9086 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. |
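Two of the entries above describe root causes rather than just a parameter name: the phpMyAdmin entry (CVE-2020-10802) is a second-order injection through a crafted database or table name that is later interpolated into a search query as an identifier, and the Joomla! entry (CVE-2020-10243) is a value that reaches a SQL statement without a type cast. The following is an added illustration written for this page, not code from phpMyAdmin, Joomla! or any other listed product; it uses Python's bundled sqlite3 module as a stand-in database (SQLite accepts MySQL-style backtick identifiers), and the table names, column names, secrets and payloads are all constructed for the example. It shows both defects in one vulnerable function and the two distinct fixes they need: parameter binding plus an integer cast for the value, and quote-doubling for the identifier, which cannot be bound as a parameter.

```python
import sqlite3

# Constructed sample data for this illustration (not taken from any product in
# the table above): a "shows" table the application is meant to search and a
# "users" table holding the secret an attacker is after.
USERS_SECRET = "hash-of-admin-password"

# A table name chosen by an attacker when the table was created. It closes the
# backtick-quoted identifier and appends its own query: the second-order pattern
# described for phpMyAdmin (CVE-2020-10802), where a victim later searches the
# attacker's table.
CRAFTED_TABLE = "shows` WHERE 1=0 UNION SELECT id, password_hash FROM users -- "

# A search value that is not an integer: the missing type cast described for
# Joomla! (CVE-2020-10243).
CRAFTED_ID = "1 UNION SELECT id, password_hash FROM users"


def quote_ident(name: str) -> str:
    """Quote a SQL identifier. Identifiers cannot be bound as parameters, so the
    safe option is to quote them and double every embedded quote character
    (MySQL backtick style, which SQLite also accepts)."""
    return "`" + name.replace("`", "``") + "`"


def make_db() -> sqlite3.Connection:
    """Build the in-memory sample database, including the attacker's table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE shows (show_id INTEGER, title TEXT);
        INSERT INTO shows VALUES (1, 'public show'), (2, 'second show');
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
    """)
    con.execute("INSERT INTO users VALUES (1, 'admin', ?)", (USERS_SECRET,))
    # The crafted name is stored literally because it is quoted correctly here;
    # the bug is in how the name is used later, not in how it is stored.
    con.execute(f"CREATE TABLE {quote_ident(CRAFTED_TABLE)} (show_id INTEGER, title TEXT)")
    con.execute(f"INSERT INTO {quote_ident(CRAFTED_TABLE)} VALUES (1, 'row in crafted table')")
    return con


def search_vulnerable(con: sqlite3.Connection, table: str, show_id) -> list:
    """Vulnerable: the identifier is interpolated without escaping and the value
    is interpolated without a type cast or parameter binding."""
    sql = f"SELECT show_id, title FROM `{table}` WHERE show_id = {show_id}"
    return con.execute(sql).fetchall()


def search_hardened(con: sqlite3.Connection, table: str, show_id) -> list:
    """Hardened: cast the value (rejects anything that is not an integer), bind
    it as a parameter, and quote the identifier so a crafted name stays a name."""
    sid = int(show_id)
    sql = f"SELECT show_id, title FROM {quote_ident(table)} WHERE show_id = ?"
    return con.execute(sql, (sid,)).fetchall()


def demo() -> dict:
    """Run both code paths against both payloads and return the outcomes."""
    con = make_db()
    result = {
        # Crafted identifier: the vulnerable path returns the users secret.
        "vuln_ident": search_vulnerable(con, CRAFTED_TABLE, 1),
        # Uncast value: the vulnerable path appends a UNION and leaks the secret.
        "vuln_value": search_vulnerable(con, "shows", CRAFTED_ID),
        # Quoted identifier: the hardened path queries the crafted table itself.
        "safe_ident": search_hardened(con, CRAFTED_TABLE, 1),
    }
    try:
        search_hardened(con, "shows", CRAFTED_ID)
        result["safe_value"] = "accepted"
    except ValueError:
        result["safe_value"] = "rejected"
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Where the set of searchable tables is known in advance, checking the name against the catalogue (an allow-list) is stronger than quoting alone; quoting with quote-doubling is the fallback for user-created objects that must be addressable by arbitrary names, which is exactly the phpMyAdmin situation.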