Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10512 | 1 Hgiga | 1 Oaklouds Ccm\@il | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. | |||||
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password. | |||||
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | |||||
| CVE-2020-10380 | 1 R-consortium | 1 Rmysql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RMySQL through 0.10.19 allows SQL Injection. | |||||
| CVE-2020-10365 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | |||||
| CVE-2020-10243 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | |||||
| CVE-2020-10230 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | |||||
| CVE-2020-10220 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | |||||
| CVE-2020-10218 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | |||||
| CVE-2020-10190 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. | |||||
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | |||||
| CVE-2020-10106 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt. | |||||
| CVE-2020-0352 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310 | |||||
| CVE-2020-0344 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887 | |||||
| CVE-2020-0060 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845 | |||||
| CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | |||||
| CVE-2019-9885 | 1 Eclass | 1 Eclass Ip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter. | |||||
| CVE-2019-9846 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. | |||||
| CVE-2019-9762 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. | |||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | |||||