ReportizFlow
Filtered by vendor
Subscriptions
Total
16485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10983 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.9 Medium |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. | ||||
| CVE-2020-10982 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.9 Medium |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. | ||||
| CVE-2020-10817 | 1 Custom Searchable Data Entry System Project | 1 Custom Searchable Data Entry System | 2024-11-21 | 8.8 High |
| The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | ||||
| CVE-2020-10804 | 4 Fedoraproject, Opensuse, Phpmyadmin and 1 more | 6 Fedora, Backports Sle, Leap and 3 more | 2024-11-21 | 8.0 High |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | ||||
| CVE-2020-10803 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 5.4 Medium |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | ||||
| CVE-2020-10802 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 8.0 High |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. | ||||
| CVE-2020-10623 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10582 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 9.8 Critical |
| A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | ||||
| CVE-2020-10563 | 1 Devome | 1 Grr | 2024-11-21 | 9.8 Critical |
| An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | ||||
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10512 | 1 Hgiga | 1 Oaklouds Ccm\@il | 2024-11-21 | 8.8 High |
| HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. | ||||
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 9.8 Critical |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password. | ||||
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | ||||
| CVE-2020-10380 | 1 R-consortium | 1 Rmysql | 2024-11-21 | 9.8 Critical |
| RMySQL through 0.10.19 allows SQL Injection. | ||||
| CVE-2020-10365 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 6.5 Medium |
| LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | ||||
| CVE-2020-10243 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | ||||