ReportizFlow
Filtered by vendor
Subscriptions
Total
18334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37478 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37477 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37476 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37475 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37473 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | ||||
| CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2024-11-21 | 9.8 Critical |
| GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | ||||
| CVE-2021-37371 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-11-21 | 9.8 Critical |
| Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php. | ||||
| CVE-2021-37358 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | ||||
| CVE-2021-37350 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | ||||
| CVE-2021-37291 | 1 Kevinlab | 1 4st L-bems | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. | ||||
| CVE-2021-37197 | 1 Siemens | 1 Comos | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. | ||||
| CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2024-11-21 | 8.8 High |
| An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | ||||
| CVE-2021-36789 | 1 Dated News Project | 1 Dated News | 2024-11-21 | 9.8 Critical |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. | ||||
| CVE-2021-36748 | 1 Prestahome | 1 Blog | 2024-11-21 | 7.5 High |
| A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter. | ||||
| CVE-2021-36722 | 1 Emuse - Eservices \/ Envoice Project | 1 Emuse - Eservices \/ Envoice | 2024-11-21 | 7.1 High |
| Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. | ||||
| CVE-2021-36625 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | ||||
| CVE-2021-36624 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | ||||
| CVE-2021-36621 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 8.1 High |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator. | ||||
| CVE-2021-36455 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. | ||||