Filtered by CWE-89
Filtered by vendor Subscriptions
Total 15806 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-27644 1 Apache 1 Dolphinscheduler 2024-11-21 8.8 High
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
CVE-2021-27581 1 Kentico 1 Kentico Cms 2024-11-21 9.8 Critical
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-27545 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 6.5 Medium
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVE-2021-27320 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
CVE-2021-27319 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
CVE-2021-27316 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
CVE-2021-27315 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
CVE-2021-27314 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 9.8 Critical
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
CVE-2021-27234 1 Mutare 1 Voice 2024-11-21 9.8 Critical
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
CVE-2021-27130 1 Online Reviewer System Project 1 Online Reviewer System 2024-11-21 9.8 Critical
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.
CVE-2021-27124 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 6.5 Medium
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
CVE-2021-27021 1 Puppet 3 Puppet, Puppet Enterprise, Puppetdb 2024-11-21 8.8 High
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
CVE-2021-26966 1 Arubanetworks 1 Airwave 2024-11-21 6.5 Medium
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
CVE-2021-26965 1 Arubanetworks 1 Airwave 2024-11-21 6.5 Medium
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
CVE-2021-26935 1 Wowonder 1 Wowonder 2024-11-21 7.5 High
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.
CVE-2021-26904 1 Isida 1 Retriever 2024-11-21 9.8 Critical
LMA ISIDA Retriever 5.2 allows SQL Injection.
CVE-2021-26837 1 Fortra 1 Delivernow 2024-11-21 9.8 Critical
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.
CVE-2021-26830 1 Tribalsystems 1 Zenario 2024-11-21 9.1 Critical
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
CVE-2021-26822 1 Phpgurukul 1 Teachers Record Management System 2024-11-21 9.8 Critical
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
CVE-2021-26795 1 Talariax 1 Sendquick Alert Plus Server Admin 2024-11-21 8.8 High
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.