Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41765 | 1 Montala | 1 Resourcespace | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server. | |||||
CVE-2021-41756 | 1 Dynamicvision | 1 Dynamicmarkt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. | |||||
CVE-2021-41755 | 1 Dynamicvision | 1 Dynamicmarkt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. | |||||
CVE-2021-41754 | 1 Dynamicvision | 1 Dynamicmarkt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. | |||||
CVE-2021-41746 | 1 Yonyou | 1 Turbocrm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerability to obtain sensitive database information. | |||||
CVE-2021-41695 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. | |||||
CVE-2021-41679 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue SQL commands through the period parameter of /opensis/modules/grades/InputFinalGrades.php. | |||||
CVE-2021-41678 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue SQL commands through the staff{TITLE] parameter of /opensis/modules/users/Staff.php. | |||||
CVE-2021-41677 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue SQL commands through the &Grade= parameter of /opensis/functions/GetStuListFnc.php. | |||||
CVE-2021-41676 | 1 Pharmacy Point Of Sale System Project | 1 Pharmacy Point Of Sale System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. | |||||
CVE-2021-41674 | 1 E-negosyo System Project | 1 E-negosyo System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. | |||||
CVE-2021-41672 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database. | |||||
CVE-2021-41662 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. | |||||
CVE-2021-41661 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. | |||||
CVE-2021-41660 | 1 Patient Appointment Scheduler System Project | 1 Patient Appointment Scheduler System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username and password fields to login.php. | |||||
CVE-2021-41659 | 1 Banking System Project | 1 Banking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username or password field. | |||||
CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allow attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. | |||||
CVE-2021-41651 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. | |||||
CVE-2021-41649 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. User input submitted in a POST request is not sanitized. | |||||
CVE-2021-41648 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. User input submitted in a POST request is not sanitized. |