Total: 15388 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | |||||
CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. | |||||
CVE-2020-18019 | 1 Xinfu | 1 Oa System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component. | |||||
CVE-2020-18013 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. | |||||
CVE-2020-17506 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | |||||
CVE-2020-17373 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | |||||
CVE-2020-16629 | 1 Phpok | 1 Phpok | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
PhpOK 5.4.137 contains a SQL injection vulnerability that can be used to inject attachment data through SQL and then call the attachment replacement function through api.php to write a PHP file to the target path. | |||||
CVE-2020-16277 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | |||||
CVE-2020-16276 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | |||||
CVE-2020-16267 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | |||||
CVE-2020-16104 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 MEDIUM | 8.2 HIGH |
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. | |||||
CVE-2020-15947 | 1 Loway | 1 Queuemetrics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter. | |||||
CVE-2020-15927 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | |||||
CVE-2020-15925 | 1 Loway | 1 Queuemetrics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. | |||||
CVE-2020-15924 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. | |||||
CVE-2020-15887 | 1 Softwareupdate Project | 1 Softwareupdate | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. | |||||
CVE-2020-15886 | 1 Reportdata Project | 1 Reportdata | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. | |||||
CVE-2020-15884 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. | |||||
CVE-2020-15873 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. | |||||
CVE-2020-15849 | 1 Re-desk | 1 Re:Desk | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). |