Total
15217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28142 | 1 Citsmart | 1 Citsmart | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." | |||||
| CVE-2021-28053 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. | |||||
| CVE-2021-28022 | 1 Servicetonic | 1 Servicetonic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. | |||||
| CVE-2021-27999 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database. | |||||
| CVE-2021-27973 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. | |||||
| CVE-2021-27950 | 1 Sitasoftware | 1 Azurcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. | |||||
| CVE-2021-27948 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). | |||||
| CVE-2021-27947 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). | |||||
| CVE-2021-27946 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). | |||||
| CVE-2021-27890 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | |||||
| CVE-2021-27828 | 1 In4velocity | 1 In4suite Erp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | |||||
| CVE-2021-27672 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | |||||
| CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) | |||||
| CVE-2021-27581 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | |||||
| CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | |||||
| CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
| CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-27320 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. | |||||
| CVE-2021-27319 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. | |||||