Total
15167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36538 | 1 Etan | 1 Etan Cms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. | |||||
| CVE-2020-36537 | 1 Everywhere | 1 Everywhere Cms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. | |||||
| CVE-2020-36536 | 1 Brandbugle | 1 Brandbugle | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. | |||||
| CVE-2020-36535 | 1 Minmax | 1 Minmax | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. | |||||
| CVE-2020-36530 | 1 Ibm | 1 Sevone Network Performance Management | 2024-11-21 | 6.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. | |||||
| CVE-2020-36195 | 1 Qnap | 3 Media Streaming Add-on, Multimedia Console, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later | |||||
| CVE-2020-36136 | 1 Cskaza | 1 Cszcms | 2024-11-21 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. | |||||
| CVE-2020-36112 | 1 Cse Bookstore Project | 1 Cse Bookstore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. | |||||
| CVE-2020-36034 | 1 School Faculty Scheduling System Project | 1 School Faculty Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | |||||
| CVE-2020-36033 | 1 Water Billing System Project | 1 Water Billing System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. | |||||
| CVE-2020-36004 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information. | |||||
| CVE-2020-36003 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. | |||||
| CVE-2020-36002 | 1 Seat-reservation-system Project | 1 Seat-reservation-system | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. | |||||
| CVE-2020-35848 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | |||||
| CVE-2020-35847 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | |||||
| CVE-2020-35846 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | |||||
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | |||||
| CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | |||||
| CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | |||||
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||