Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14207 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. | |||||
| CVE-2020-14159 | 1 Connectwise | 1 Automate Api | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178. | |||||
| CVE-2020-14092 | 1 Ithemes | 1 Paypal Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. | |||||
| CVE-2020-14069 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php. | |||||
| CVE-2020-14068 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php. | |||||
| CVE-2020-14054 | 1 Sokkia | 2 Gnr5 Vanguard, Gnr5 Vanguard Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page. | |||||
| CVE-2020-13996 | 1 J2store | 1 J2store | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager. | |||||
| CVE-2020-13993 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | |||||
| CVE-2020-13968 | 1 Crk | 1 Business Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. | |||||
| CVE-2020-13926 | 1 Apache | 1 Kylin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0 should upgrade to 3.1.0. | |||||
| CVE-2020-13921 | 1 Apache | 1 Skywalking | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | |||||
| CVE-2020-13877 | 1 Resourcexpress | 1 Meeting Monitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. | |||||
| CVE-2020-13873 | 1 Codologic | 1 Codoforum | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.) | |||||
| CVE-2020-13769 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | |||||
| CVE-2020-13640 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) | |||||
| CVE-2020-13592 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13591 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13590 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13589 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13588 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||