Total
15249 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser | |||||
CVE-2021-46309 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. | |||||
CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. | |||||
CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | |||||
CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||||
CVE-2021-46201 | 1 Online Resort Management System Project | 1 Online Resort Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. | |||||
CVE-2021-46198 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. | |||||
CVE-2021-46110 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | |||||
CVE-2021-46089 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | |||||
CVE-2021-46061 | 1 Computer And Mobile Repair Shop Management System Project | 1 Computer And Mobile Repair Shop Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. | |||||
CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php. No login is required. | |||||
CVE-2021-45821 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability to achieve remote code execution on the remote web server. | |||||
CVE-2021-45814 | 1 Nettemp | 1 Nnt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Nettemp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | |||||
CVE-2021-45811 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | N/A | 6.5 MEDIUM |
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | |||||
CVE-2021-45803 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the view parameter value is added to the SQL query without additional verification when viewing a reservation. | |||||
CVE-2021-45802 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | |||||
CVE-2021-45794 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | |||||
CVE-2021-45793 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | |||||
CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | |||||
CVE-2021-45788 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 8.8 HIGH |
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. |