Vulnerabilities (CVE)

Filtered by CWE-89
Total 15388 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13587 1 Rukovoditel 1 Rukovoditel 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
CVE-2020-13568 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.
CVE-2020-13567 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-13566 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection.
CVE-2020-13526 1 Processmaker 1 Processmaker 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
CVE-2020-13525 1 Processmaker 1 Processmaker 2024-11-21 6.5 MEDIUM 8.8 HIGH
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-13505 1 Aveva 1 Edna Enterprise Data Historian 2024-11-21 7.5 HIGH 9.8 CRITICAL
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE-2020-13504 1 Aveva 1 Edna Enterprise Data Historian 2024-11-21 7.5 HIGH 9.8 CRITICAL
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE-2020-13501 1 Aveva 1 Edna Enterprise Data Historian 2024-11-21 7.5 HIGH 9.8 CRITICAL
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVE-2020-13500 1 Aveva 1 Edna Enterprise Data Historian 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVE-2020-13499 1 Aveva 1 Edna Enterprise Data Historian 2024-11-21 7.5 HIGH 9.8 CRITICAL
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVE-2020-13433 1 Adminpanel Project 1 Adminpanel 2024-11-21 7.5 HIGH 9.8 CRITICAL
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.
CVE-2020-13381 1 Os4ed 1 Opensis 2024-11-21 7.5 HIGH 9.8 CRITICAL
openSIS through 7.4 allows SQL Injection.
CVE-2020-13380 1 Os4ed 1 Opensis 2024-11-21 7.5 HIGH 9.8 CRITICAL
openSIS before 7.4 allows SQL Injection.
CVE-2020-13127 1 Loway 1 Queuemetrics 2024-11-21 6.5 MEDIUM 8.8 HIGH
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter.
CVE-2020-13118 1 Mikrotik-router-monitoring-system Project 1 Mikrotik-router-monitoring-system 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
CVE-2020-12870 1 Rainbowfishsoftware 1 Pacsone Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
CVE-2020-12766 1 Solis 1 Gnuteca 2024-11-21 7.5 HIGH 9.8 CRITICAL
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.
CVE-2020-12720 1 Vbulletin 1 Vbulletin 2024-11-21 7.5 HIGH 9.8 CRITICAL
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVE-2020-12606 1 Dbsoft 1 Sglac 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure.