Total
15227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | |||||
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | |||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users. | |||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | |||||
| CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | |||||
| CVE-2021-40279 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | |||||
| CVE-2021-40247 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2021-40129 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. | |||||
| CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0. | |||||
| CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | |||||
| CVE-2021-3854 | 1 Glox | 1 Useroam Hotspot | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | |||||
| CVE-2021-3817 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2021-3604 | 1 Primion-digitek | 1 Secure 8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | |||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
| CVE-2021-3278 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page. | |||||
| CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. | |||||
| CVE-2021-3262 | 1 Trispark | 2 Novusedu, Veo Transportation | 2024-11-21 | N/A | 9.8 CRITICAL |
| TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. | |||||
| CVE-2021-3242 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | |||||
| CVE-2021-3239 | 1 E-learning System Project | 1 E-learning System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. | |||||
| CVE-2021-3118 | 1 Medicalexpo | 1 Ecs Imaging | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||