Total
15488 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37478 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. | |||||
| CVE-2021-37477 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. | |||||
| CVE-2021-37476 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database. | |||||
| CVE-2021-37475 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. | |||||
| CVE-2021-37473 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. | |||||
| CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | |||||
| CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | |||||
| CVE-2021-37371 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php. | |||||
| CVE-2021-37358 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | |||||
| CVE-2021-37350 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | |||||
| CVE-2021-37291 | 1 Kevinlab | 1 4st L-bems | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. | |||||
| CVE-2021-37197 | 1 Siemens | 1 Comos | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-36916 | 1 Wpwave | 1 Hide My Wp | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. | |||||
| CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 9.1 CRITICAL |
| Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
| CVE-2021-36880 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. | |||||
| CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | |||||
| CVE-2021-36789 | 1 Dated News Project | 1 Dated News | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. | |||||
| CVE-2021-36748 | 1 Prestahome | 1 Blog | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter. | |||||
| CVE-2021-36722 | 1 Emuse - Eservices \/ Envoice Project | 1 Emuse - Eservices \/ Envoice | 2024-11-21 | 10.0 HIGH | 7.1 HIGH |
| Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. | |||||
| CVE-2021-36625 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | |||||