Total
15151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22170 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22169 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22168 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22166 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22165 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22164 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22122 | 1 Find A Place Ljcms Project | 1 Find A Place Ljcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. | |||||
| CVE-2020-21809 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. | |||||
| CVE-2020-21808 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. | |||||
| CVE-2020-21806 | 1 Ectouch | 1 Ectouch | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.. | |||||
| CVE-2020-21726 | 1 Opensns | 1 Opensns | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. | |||||
| CVE-2020-21725 | 1 Opensns | 1 Opensns | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. | |||||
| CVE-2020-21667 | 1 Fastadmin-tp6 Project | 1 Fastadmin-tp6 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. | |||||
| CVE-2020-21665 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | |||||
| CVE-2020-21662 | 1 Yunyecms | 1 Yunyecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | |||||
| CVE-2020-21394 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. | |||||
| CVE-2020-21378 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. | |||||
| CVE-2020-21377 | 1 Yunyecms | 1 Yunyecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. | |||||
| CVE-2020-21250 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. | |||||
| CVE-2020-21180 | 1 Koa2-blog Project | 1 Koa2-blog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. | |||||