Total: 17328 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25874 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.5 High |
| AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve database information such as application password hashes. | ||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.2 High |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | ||||
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.2 High |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | ||||
| CVE-2021-25779 | 1 Baby Care System Project | 1 Baby Care System | 2024-11-21 | 9.8 Critical |
| Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. | ||||
| CVE-2021-25482 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. | ||||
| CVE-2021-25427 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information | ||||
| CVE-2021-25213 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | ||||
| CVE-2021-25212 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. | ||||
| CVE-2021-25209 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php. | ||||
| CVE-2021-25205 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php. | ||||
| CVE-2021-25202 | 1 Sales And Inventory System Project | 1 Sales And Inventory System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | ||||
| CVE-2021-25201 | 1 Learning Management System Project | 1 Learning Management System | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. | ||||
| CVE-2021-25153 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.1 High |
| A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25114 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 9.8 Critical |
| The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection. | ||||
| CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2024-11-21 | 2.7 Low |
| The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link. | ||||
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2024-11-21 | 8.8 High |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | ||||
| CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 9.8 Critical |
| The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | ||||
| CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2024-11-21 | 7.2 High |
| The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard | ||||
| CVE-2021-25064 | 1 Wow-company | 1 Wow Countdowns | 2024-11-21 | 7.2 High |
| The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | ||||
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2024-11-21 | 8.8 High |
| The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | ||||