Total: 15431 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35441 | 1 Fangfa | 1 Fdcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. | |||||
CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | |||||
CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | |||||
CVE-2020-35378 | 1 Online Bus Ticket Reservation Project | 1 Online Bus Ticket Reservation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. | |||||
CVE-2020-35337 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | |||||
CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street'. | |||||
CVE-2020-35327 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php. | |||||
CVE-2020-35276 | 1 Egavilanmedia | 1 Ecm Address Book | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. | |||||
CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can gain access to the Admin Panel and manage every account of Result. | |||||
CVE-2020-35263 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution. | |||||
CVE-2020-35245 | 1 Flamingo Project | 1 Flamingo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. | |||||
CVE-2020-35244 | 1 Flamingo Project | 1 Flamingo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | |||||
CVE-2020-35243 | 1 Flamingo Project | 1 Flamingo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | |||||
CVE-2020-35242 | 1 Flamingo Project | 1 Flamingo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. | |||||
CVE-2020-35151 | 1 Phpgurukul | 1 Online Marriage Registration System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The POST parameter "searchdata" in the user/search.php request of Online Marriage Registration System 1.0 is vulnerable to time-based SQL injection. | |||||
CVE-2020-35122 | 1 Keysight | 1 Keysight Database Connector | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | |||||
CVE-2020-35012 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. | |||||
CVE-2020-29493 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
Dell EMC Avamar Server versions 19.1, 19.2, and 19.3 contain a SQL injection vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends that customers upgrade at the earliest opportunity. | |||||
CVE-2020-29474 | 1 Egavilanmedia | 1 Egm Address Book | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. |