ReportizFlow
Filtered by vendor
Subscriptions
Total
16485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18106 | 1 Wms Project | 1 Wms | 2024-11-21 | 9.8 Critical |
| The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. | ||||
| CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 7.5 High |
| The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | ||||
| CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2024-11-21 | 9.8 Critical |
| SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. | ||||
| CVE-2020-18019 | 1 Xinfu | 1 Oa System | 2024-11-21 | 7.5 High |
| SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component. | ||||
| CVE-2020-18013 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 9.8 Critical |
| SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. | ||||
| CVE-2020-17506 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 9.8 Critical |
| Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | ||||
| CVE-2020-17373 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 5.3 Medium |
| SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | ||||
| CVE-2020-16629 | 1 Phpok | 1 Phpok | 2024-11-21 | 9.8 Critical |
| PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | ||||
| CVE-2020-16277 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | ||||
| CVE-2020-16276 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | ||||
| CVE-2020-16267 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | ||||
| CVE-2020-16104 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 8.2 High |
| SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. | ||||
| CVE-2020-15947 | 1 Loway | 1 Queuemetrics | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter. | ||||
| CVE-2020-15927 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | ||||
| CVE-2020-15925 | 1 Loway | 1 Queuemetrics | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. | ||||
| CVE-2020-15924 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 7.5 High |
| There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. | ||||
| CVE-2020-15887 | 1 Softwareupdate Project | 1 Softwareupdate | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. | ||||
| CVE-2020-15886 | 1 Reportdata Project | 1 Reportdata | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. | ||||
| CVE-2020-15884 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. | ||||
| CVE-2020-15873 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 Medium |
| In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. | ||||