Total: 14752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-29143 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
CVE-2020-29142 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings. | |||||
CVE-2020-29140 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
CVE-2020-29139 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | |||||
CVE-2020-29015 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. | |||||
CVE-2020-29011 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests. | |||||
CVE-2020-28994 | 1 Karenderia Multiple Restaurant System Project | 1 Karenderia Multiple Restaurant System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database. | |||||
CVE-2020-28960 | 1 Cct95 | 1 Chichen Tech Cms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters. | |||||
CVE-2020-28860 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. | |||||
CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. | |||||
CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | |||||
CVE-2020-28657 | 1 Bittacora | 1 Bpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. | |||||
CVE-2020-28413 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. | |||||
CVE-2020-28183 | 1 Water Billing System Project | 1 Water Billing System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. | |||||
CVE-2020-28172 | 1 Simple College Project | 1 Simple College | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel. | |||||
CVE-2020-28138 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. | |||||
CVE-2020-28133 | 1 Simple Grocery Store Sales And Inventory Sales Project | 1 Simple Grocery Store Sales And Inventory System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. | |||||
CVE-2020-28115 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | |||||
CVE-2020-28103 | 1 Chshcms | 1 Cscms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
cscms v4.1 allows for SQL injection via the "page_del" function. | |||||
CVE-2020-28102 | 1 Chshcms | 1 Cscms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
cscms v4.1 allows for SQL injection via the "js_del" function. |