Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42325 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | |||||
| CVE-2021-42313 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42311 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42235 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. | |||||
| CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
| CVE-2021-42185 | 1 Wdja | 1 Wdja | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. | |||||
| CVE-2021-42169 | 1 Simple Payroll System With Dynamic Tax Bracket Project | 1 Simple Payroll System With Dynamic Tax Bracket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads. | |||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
| CVE-2021-42077 | 1 Kaysongroup | 1 Php Event Calendar | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form. | |||||
| CVE-2021-42064 | 1 Sap | 1 Commerce | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values. | |||||
| CVE-2021-41971 | 1 Apache | 1 Superset | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | |||||
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | |||||
| CVE-2021-41947 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | |||||
| CVE-2021-41942 | 1 Msvod | 1 Msvod Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. | |||||
| CVE-2021-41932 | 1 Wolterskluwer | 1 Teammate\+ Audit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. | |||||
| CVE-2021-41931 | 1 Recruitment Management System Project | 1 Recruitment Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. | |||||
| CVE-2021-41928 | 1 Try My Recipe Project | 1 Try My Recipe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. | |||||
| CVE-2021-41920 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. | |||||
| CVE-2021-41845 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | |||||
| CVE-2021-41843 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. | |||||