Total
14754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | |||||
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | |||||
| CVE-2020-35700 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | |||||
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | N/A | 9.8 CRITICAL |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | |||||
| CVE-2020-35666 | 1 Steedos | 1 Steedos | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. | |||||
| CVE-2020-35613 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | |||||
| CVE-2020-35597 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | |||||
| CVE-2020-35545 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | |||||
| CVE-2020-35441 | 1 Fangfa | 1 Fdcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. | |||||
| CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | |||||
| CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | |||||
| CVE-2020-35378 | 1 Online Bus Ticket Reservation Project | 1 Online Bus Ticket Reservation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. | |||||
| CVE-2020-35337 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | |||||
| CVE-2020-35327 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php | |||||
| CVE-2020-35276 | 1 Egavilanmedia | 1 Ecm Address Book | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. | |||||
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result. | |||||
| CVE-2020-35263 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution. | |||||