Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-41647 | 1 Online Food Ordering Web App Project | 1 Online Food Ordering Web App | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user. |
CVE-2021-41609 | 1 Classapps | 1 Selectsurvey.net | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection. |
CVE-2021-41511 | 1 Lodging Reservation Management System Project | 1 Lodging Reservation Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The username and password fields of the login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. |
CVE-2021-41492 | 1 Simple Cashiering System Project | 1 Simple Cashiering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via (1) the Product Code in the pos page in cashiering, (2) the id parameter in manage_products and (3) the t parameter in actions.php. |
CVE-2021-41487 | 1 Nokia | 1 Vitalsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. |
CVE-2021-41472 | 1 Simple Membership System Using Php And Ajax Project | 1 Simple Membership System Using Php And Ajax | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username and password parameters. |
CVE-2021-41471 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the email and Password parameters. |
CVE-2021-41460 | 1 Shopex | 1 Ecshop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. |
CVE-2021-41433 | 1 Resumes Management And Job Application Website Application Project | 1 Resumes Management And Job Application Website Application | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. |
CVE-2021-41408 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. |
CVE-2021-41365 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Microsoft Defender for IoT Remote Code Execution Vulnerability |
CVE-2021-41288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL injection in the getReportData API. |
CVE-2021-41262 | 1 Galette | 1 Galette | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds. |
CVE-2021-41187 | 1 Dhis2 | 1 Dhis 2 | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH | DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.32, 2.33, 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance and /api/events endpoints as a temporary workaround while waiting to upgrade. |
CVE-2021-41155 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly sanitize user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. |
CVE-2021-41154 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. |
CVE-2021-41148 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one of the CI widgets to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. |
CVE-2021-41147 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. |
CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL injection in a configuration search. |
CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL injection in a hardware details search. |
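The entries above fall into two recurring patterns: login forms whose username/password parameters are concatenated into the query (authentication bypass), and ID-style parameters where the response only reveals whether a row came back (boolean-based blind extraction). The block below is an added illustration of both patterns and of the parameterized queries that close them; it is not code from any product listed here and is not an exploit for any specific CVE. It assumes Python's standard `sqlite3` module, a constructed in-memory `users` table with `username`, `password` and `is_admin` columns, and plaintext passwords purely to keep the oracle visible (a real application would store a password hash).

```python
import sqlite3

# Constructed sample data (not taken from any listed product). Passwords are
# stored in clear only so the blind-extraction oracle below has something to leak.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("admin", "correct-horse", 1), ("alice", "s3cret", 0)],
    )
    return conn


# --- Pattern 1: login form with string-concatenated SQL (authentication bypass) ---

def login_vulnerable(conn, username, password):
    """User input is formatted straight into the query. A username such as
    "admin' --" closes the string literal and comments out the password check,
    so the query degenerates to WHERE username = 'admin'."""
    sql = (f"SELECT username, is_admin FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()  # (username, is_admin) or None


def login_safe(conn, username, password):
    """Same query with bound parameters: the driver sends the values separately
    from the SQL text, so quotes and comment markers in the input are just data."""
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# --- Pattern 2: numeric ID parameter exposed as a true/false oracle (blind SQLi) ---

def record_exists_vulnerable(conn, record_id):
    """Models an endpoint that only tells the caller whether a record was found.
    Because record_id is interpolated unquoted, an attacker can append a
    condition and read its truth value from the yes/no answer."""
    sql = f"SELECT id FROM users WHERE id = {record_id}"
    return conn.execute(sql).fetchone() is not None


def record_exists_safe(conn, record_id):
    """Rejects anything that is not an integer and binds the value as a parameter."""
    try:
        rid = int(record_id)
    except (TypeError, ValueError):
        return False
    return conn.execute("SELECT id FROM users WHERE id = ?", (rid,)).fetchone() is not None


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"


def blind_extract_password(conn, username, max_len=32):
    """Recovers a secret one character at a time through the boolean oracle.
    Each probe asks: does position N of the target's password equal this
    character? When no character matches, the end of the value has been reached."""
    recovered = ""
    for pos in range(1, max_len + 1):
        matched = None
        for ch in ALPHABET:
            payload = (f"1 AND SUBSTR((SELECT password FROM users "
                       f"WHERE username='{username}'),{pos},1)='{ch}'")
            if record_exists_vulnerable(conn, payload):
                matched = ch
                break
        if matched is None:
            break
        recovered += matched
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_vulnerable(db, "admin' --", "wrong"))     # ('admin', 1)
    print("fixed :", login_safe(db, "admin' --", "wrong"))           # None
    print("leaked:", blind_extract_password(db, "admin"))            # correct-horse
    print("fixed :", record_exists_safe(db, "1 AND 1=1"))            # False
```

The blind loop is the reason a "retrieve data" finding on an ID parameter is rated as severely as an authentication bypass: with roughly 37 requests per character it walks the whole value out of the database without ever seeing query output. The fix in both cases is the same, bind every user-controlled value as a parameter and never build SQL text from it.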