Total
15238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | |||||
| CVE-2021-43701 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | |||||
| CVE-2021-43700 | 1 Apimanager Project | 1 Apimanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8. | |||||
| CVE-2021-43679 | 1 Shopex | 1 Ecshop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | |||||
| CVE-2021-43650 | 1 Softwell | 1 Webrun | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | |||||
| CVE-2021-43631 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | |||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | |||||
| CVE-2021-43629 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | |||||
| CVE-2021-43628 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | |||||
| CVE-2021-43609 | 1 Spiceworks | 1 Help Desk Server | 2024-11-21 | N/A | 9.9 CRITICAL |
| An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. | |||||
| CVE-2021-43608 | 1 Doctrine-project | 1 Database Abstraction Layer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API. | |||||
| CVE-2021-43510 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | |||||
| CVE-2021-43509 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | |||||
| CVE-2021-43506 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. | |||||
| CVE-2021-43484 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | |||||
| CVE-2021-43481 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | |||||
| CVE-2021-43451 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | |||||
| CVE-2021-43420 | 1 Online Payment Hub Project | 1 Online Payment Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2021-43408 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | 9.0 HIGH | 6.5 MEDIUM |
| The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles. | |||||
| CVE-2021-43362 | 1 Meddata | 1 Hbys | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1. | |||||