Total
14749 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27236 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27235 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27234 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27233 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27232 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27231 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27230 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27229 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27226 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-26944 | 2 Aptean, Microsoft | 2 Product Configurator, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. | |||||
| CVE-2020-26935 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. | |||||
| CVE-2020-26805 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database. | |||||
| CVE-2020-26773 | 1 Restaurant Reservation System Project | 1 Restaurant Reservation System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php. | |||||
| CVE-2020-26712 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases. | |||||
| CVE-2020-26677 | 1 Vfairs | 1 Vfairs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. | |||||
| CVE-2020-26668 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function. | |||||
| CVE-2020-26627 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | N/A | 4.9 MEDIUM |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | |||||
| CVE-2020-26624 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | N/A | 3.8 LOW |
| A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | |||||
| CVE-2020-26623 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | N/A | 3.8 LOW |
| SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | |||||
| CVE-2020-26546 | 1 Evolutionscript | 1 Helpdeskz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||