Total
15170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9265 | 1 Ciprianmp | 1 Phpmychat-plus | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. | |||||
CVE-2020-9006 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on WordPress instances. (This issue has been fixed in the 3.x branch of popup-builder.) | |||||
CVE-2020-8967 | 1 Gesio | 1 Erp | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. | |||||
CVE-2020-8841 | 1 Testlink | 1 Testlink | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection. | |||||
CVE-2020-8804 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | |||||
CVE-2020-8802 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | |||||
CVE-2020-8786 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | |||||
CVE-2020-8785 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | |||||
CVE-2020-8784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | |||||
CVE-2020-8783 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | |||||
CVE-2020-8656 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. | |||||
CVE-2020-8645 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. | |||||
CVE-2020-8638 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | |||||
CVE-2020-8637 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. | |||||
CVE-2020-8611 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. | |||||
CVE-2020-8596 | 1 Xnau | 1 Participants Database | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met). | |||||
CVE-2020-8592 | 1 Eginnovations | 1 Eg Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | |||||
CVE-2020-8521 | 1 Phpzag | 1 Phpzag | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql | |||||
CVE-2020-8520 | 1 Phpzag | 1 Phpzag | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql | |||||
CVE-2020-8519 | 1 Phpzag | 1 Phpzag | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql |