Total
14737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11537 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API. | |||||
| CVE-2020-11530 | 1 Idangero | 1 Chop Slider | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | |||||
| CVE-2020-11437 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | |||||
| CVE-2020-11032 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
| In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. | |||||
| CVE-2020-11010 | 1 Tortoise Orm Project | 1 Tortoise Orm | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts). | |||||
| CVE-2020-11004 | 1 Admidio | 1 Admidio | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH |
| SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. | |||||
| CVE-2020-10983 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. | |||||
| CVE-2020-10982 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. | |||||
| CVE-2020-10817 | 1 Custom Searchable Data Entry System Project | 1 Custom Searchable Data Entry System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | |||||
| CVE-2020-10804 | 4 Fedoraproject, Opensuse, Phpmyadmin and 1 more | 6 Fedora, Backports Sle, Leap and 3 more | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | |||||
| CVE-2020-10803 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | |||||
| CVE-2020-10802 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. | |||||
| CVE-2020-10623 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
| CVE-2020-10582 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | |||||
| CVE-2020-10563 | 1 Devome | 1 Grr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | |||||
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||