Total: 16423 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | ||||
CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users. | ||||
CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | ||||
CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | ||||
CVE-2021-40279 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | ||||
CVE-2021-40247 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | ||||
CVE-2021-40129 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 4.9 Medium |
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. | ||||
CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-11-21 | 9.8 Critical |
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows Blind SQL Injection. This issue affects Ipack SCADA Software: from unspecified before 1.1.0. | ||||
CVE-2021-3935 | 4 Debian, Fedoraproject, Pgbouncer and 1 more | 4 Debian Linux, Fedora, Pgbouncer and 1 more | 2024-11-21 | 8.1 High |
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | ||||
CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 8.8 High |
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | ||||
CVE-2021-3817 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 9.8 Critical |
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. | ||||
CVE-2021-3604 | 1 Primion-digitek | 1 Secure 8 | 2024-11-21 | 9.8 Critical |
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | ||||
CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 9.8 Critical |
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | ||||
CVE-2021-3278 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 9.8 Critical |
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection. Using this vulnerability, an attacker can bypass the login page. | ||||
CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 7.2 High |
SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php. | ||||
CVE-2021-3262 | 1 Trispark | 2 Novusedu, Veo Transportation | 2024-11-21 | 9.8 Critical |
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. | ||||
CVE-2021-3242 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | 9.8 Critical |
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | ||||
CVE-2021-3239 | 1 E-learning System Project | 1 E-learning System | 2024-11-21 | 9.8 Critical |
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. | ||||
CVE-2021-3118 | 1 Medicalexpo | 1 Ecs Imaging | 2024-11-21 | 9.8 Critical |
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2021-3110 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.8 Critical |
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. |