Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3854 | 1 Glox | 1 Useroam Hotspot | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | |||||
CVE-2021-3817 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
CVE-2021-3604 | 1 Primion-digitek | 1 Secure 8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | |||||
CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
CVE-2021-3278 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection. Using this vulnerability, an attacker can bypass the login page. | |||||
CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php. | |||||
CVE-2021-3262 | 1 Trispark | 2 Novusedu, Veo Transportation | 2024-11-21 | N/A | 9.8 CRITICAL |
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. | |||||
CVE-2021-3242 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | |||||
CVE-2021-3239 | 1 E-learning System Project | 1 E-learning System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. | |||||
CVE-2021-3118 | 1 Medicalexpo | 1 Ecs Imaging | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-3110 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | |||||
CVE-2021-3025 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). | |||||
CVE-2021-3021 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ISPConfig before 3.2.2 allows SQL injection. | |||||
CVE-2021-3018 | 1 Ipeak | 1 Ipeakcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page. | |||||
CVE-2021-39978 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Telephony application has a SQL Injection vulnerability. Successful exploitation of this vulnerability may cause privacy and security issues. | |||||
CVE-2021-39379 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter. | |||||
CVE-2021-39378 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter. | |||||
CVE-2021-39377 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter. | |||||
CVE-2021-39376 | 1 Philips | 1 Tasy Electronic Medical Record | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | |||||
CVE-2021-39375 | 1 Philips | 1 Tasy Electronic Medical Record | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. |