Total: 17315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43806 | 1 Enalean | 1 Tuleap | 2024-11-21 | 8.8 High |
| Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query to browse and search commits in the CVS repositories. An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repository are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6. | ||||
| CVE-2021-43789 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 High |
| PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2. | ||||
| CVE-2021-43766 | 1 Odyssey Project | 1 Odyssey | 2024-11-21 | 8.1 High |
| Odyssey passes unencrypted bytes from a man-in-the-middle to the server. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL. | ||||
| CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
| CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | ||||
| CVE-2021-43701 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 6.5 Medium |
| CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | ||||
| CVE-2021-43700 | 1 Apimanager Project | 1 Apimanager | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability in /index.php?act=api&tag=8. | ||||
| CVE-2021-43679 | 1 Shopex | 1 Ecshop | 2024-11-21 | 9.8 Critical |
| ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | ||||
| CVE-2021-43650 | 1 Softwell | 1 Webrun | 2024-11-21 | 9.8 Critical |
| WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | ||||
| CVE-2021-43631 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 9.8 Critical |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | ||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 8.8 High |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the database system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | ||||
| CVE-2021-43629 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 9.8 Critical |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | ||||
| CVE-2021-43628 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 9.8 Critical |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | ||||
| CVE-2021-43609 | 1 Spiceworks | 1 Help Desk Server | 2024-11-21 | 9.9 Critical |
| An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. | ||||
| CVE-2021-43608 | 1 Doctrine-project | 1 Database Abstraction Layer | 2024-11-21 | 9.8 Critical |
| Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not properly cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API. | ||||
| CVE-2021-43510 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | ||||
| CVE-2021-43509 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | ||||
| CVE-2021-43506 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. | ||||
| CVE-2021-43484 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | ||||
| CVE-2021-43481 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | ||||
| CVE-2021-43451 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | ||||