Total
14745 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24769 | 1 Nexusphp | 1 Nexusphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. | |||||
| CVE-2020-24673 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. | |||||
| CVE-2020-24671 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | |||||
| CVE-2020-24667 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | |||||
| CVE-2020-24623 | 1 Hpe | 1 Universal Api Framework | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). | |||||
| CVE-2020-24617 | 1 Mailtrain | 1 Mailtrain | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. | |||||
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | |||||
| CVE-2020-24569 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information. | |||||
| CVE-2020-24568 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. | |||||
| CVE-2020-24400 | 1 Magento | 1 Magento | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database. | |||||
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database. | |||||
| CVE-2020-24208 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. | |||||
| CVE-2020-24197 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. | |||||
| CVE-2020-24000 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | |||||
| CVE-2020-23980 | 1 Designmasterevents | 1 Conference Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | |||||
| CVE-2020-23979 | 1 13enforme | 1 13enforme Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. | |||||
| CVE-2020-23978 | 1 Soluzioneglobale | 1 Ecommerce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php" | |||||
| CVE-2020-23976 | 1 Webexcels | 1 Ecommerce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. | |||||
| CVE-2020-23973 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. | |||||