Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46444 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | |||||
CVE-2021-46436 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.8 MEDIUM | 7.2 HIGH |
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | |||||
CVE-2021-46427 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | |||||
CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | |||||
CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | |||||
CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. | |||||
CVE-2021-46309 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. | |||||
CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. | |||||
CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | |||||
CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||||
CVE-2021-46201 | 1 Online Resort Management System Project | 1 Online Resort Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. | |||||
CVE-2021-46198 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. | |||||
CVE-2021-46110 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | |||||
CVE-2021-46089 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | |||||
CVE-2021-46061 | 1 Computer And Mobile Repair Shop Management System Project | 1 Computer And Mobile Repair Shop Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. | |||||
CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php. No login is required. | |||||
CVE-2021-45821 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | |||||
CVE-2021-45814 | 1 Nettemp | 1 Nnt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Nettemp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | |||||
CVE-2021-45811 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | N/A | 6.5 MEDIUM |
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | |||||
CVE-2021-45803 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the view parameter value is added to the SQL query without additional verification when viewing a reservation. |