Total
15229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41471 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. | |||||
| CVE-2021-41460 | 1 Shopex | 1 Ecshop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | |||||
| CVE-2021-41408 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. | |||||
| CVE-2021-41365 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-41288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | |||||
| CVE-2021-41262 | 1 Galette | 1 Galette | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds. | |||||
| CVE-2021-41187 | 1 Dhis2 | 1 Dhis 2 | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.32, 2.33, 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance and /api/events endpoints as a temporary workaround while waiting to upgrade. | |||||
| CVE-2021-41155 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | |||||
| CVE-2021-41154 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | |||||
| CVE-2021-41148 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | |||||
| CVE-2021-41147 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | |||||
| CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. | |||||
| CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | |||||
| CVE-2021-41075 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | |||||
| CVE-2021-41063 | 1 Xylem | 1 Aanderaa Geoview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. | |||||
| CVE-2021-40993 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-40992 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | |||||
| CVE-2021-40956 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | |||||
| CVE-2021-40955 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection exists in LaiKetui v3.5.0 the background administrator list. | |||||