Total
15431 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36112 | 1 Cse Bookstore Project | 1 Cse Bookstore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. | |||||
| CVE-2020-36034 | 1 School Faculty Scheduling System Project | 1 School Faculty Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | |||||
| CVE-2020-36033 | 1 Water Billing System Project | 1 Water Billing System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. | |||||
| CVE-2020-36004 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information. | |||||
| CVE-2020-36003 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. | |||||
| CVE-2020-36002 | 1 Seat-reservation-system Project | 1 Seat-reservation-system | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. | |||||
| CVE-2020-35848 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | |||||
| CVE-2020-35847 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | |||||
| CVE-2020-35846 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | |||||
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | |||||
| CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | |||||
| CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | |||||
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | |||||
| CVE-2020-35700 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | |||||
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | N/A | 9.8 CRITICAL |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | |||||
| CVE-2020-35666 | 1 Steedos | 1 Steedos | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. | |||||
| CVE-2020-35613 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | |||||
| CVE-2020-35597 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | |||||
| CVE-2020-35545 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | |||||