Total
15371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9398 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | |||||
| CVE-2020-9340 | 1 Fauzantrif Election Project | 1 Fauzantrif Election | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. | |||||
| CVE-2020-9318 | 1 Red-gate | 1 Sql Monitor | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15. | |||||
| CVE-2020-9269 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | |||||
| CVE-2020-9268 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. | |||||
| CVE-2020-9265 | 1 Ciprianmp | 1 Phpmychat-plus | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. | |||||
| CVE-2020-9006 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on Wordpress instances. (This issue has been fixed in the 3.x branch of popup-builder.) | |||||
| CVE-2020-8967 | 1 Gesio | 1 Erp | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. | |||||
| CVE-2020-8841 | 1 Testlink | 1 Testlink | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection. | |||||
| CVE-2020-8804 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | |||||
| CVE-2020-8802 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | |||||
| CVE-2020-8786 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | |||||
| CVE-2020-8785 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | |||||
| CVE-2020-8784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | |||||
| CVE-2020-8783 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | |||||
| CVE-2020-8656 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. | |||||
| CVE-2020-8645 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. | |||||
| CVE-2020-8638 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | |||||
| CVE-2020-8637 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. | |||||
| CVE-2020-8611 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. | |||||