ReportizFlow
Filtered by vendor
Subscriptions
Total
16484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35847 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 9.8 Critical |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | ||||
| CVE-2020-35846 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 9.8 Critical |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | ||||
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | ||||
| CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | ||||
| CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | ||||
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.2 High |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | ||||
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 8.8 High |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | ||||
| CVE-2020-35700 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.8 High |
| A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | ||||
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 9.8 Critical |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | ||||
| CVE-2020-35666 | 1 Steedos | 1 Steedos | 2024-11-21 | 8.8 High |
| Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. | ||||
| CVE-2020-35613 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | ||||
| CVE-2020-35597 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 8.8 High |
| Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | ||||
| CVE-2020-35545 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 9.8 Critical |
| Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | ||||
| CVE-2020-35441 | 1 Fangfa | 1 Fdcms | 2024-11-21 | 9.8 Critical |
| FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. | ||||
| CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2024-11-21 | 9.8 Critical |
| SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | ||||
| CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | ||||
| CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 7.2 High |
| SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | ||||
| CVE-2020-35378 | 1 Online Bus Ticket Reservation Project | 1 Online Bus Ticket Reservation | 2024-11-21 | 9.8 Critical |
| SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. | ||||
| CVE-2020-35337 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 9.8 Critical |
| ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 6.5 Medium |
| Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | ||||