Total
15388 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27950 | 1 Sitasoftware | 1 Azurcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. | |||||
CVE-2021-27948 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). | |||||
CVE-2021-27947 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). | |||||
CVE-2021-27946 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). | |||||
CVE-2021-27890 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files. | |||||
CVE-2021-27828 | 1 In4velocity | 1 In4suite Erp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | |||||
CVE-2021-27672 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | |||||
CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) | |||||
CVE-2021-27581 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | |||||
CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | |||||
CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2021-27320 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. | |||||
CVE-2021-27319 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. | |||||
CVE-2021-27316 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. | |||||
CVE-2021-27315 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. | |||||
CVE-2021-27314 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. | |||||
CVE-2021-27234 | 1 Mutare | 1 Voice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. | |||||
CVE-2021-27130 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. |