Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40578 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter. | |||||
| CVE-2021-40543 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. | |||||
| CVE-2021-40493 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | |||||
| CVE-2021-40353 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637. | |||||
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | |||||
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | |||||
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | |||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users. | |||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | |||||
| CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | |||||
| CVE-2021-40279 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | |||||
| CVE-2021-40247 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2021-40129 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. | |||||
| CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0. | |||||
| CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | |||||
| CVE-2021-3854 | 1 Glox | 1 Useroam Hotspot | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | |||||
| CVE-2021-3817 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2021-3604 | 1 Primion-digitek | 1 Secure 8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | |||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
| CVE-2021-3278 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page. | |||||