Total
16020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21013 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| emlog v6.0.0 contains a SQL injection via /admin/comment.php. | |||||
| CVE-2020-21012 | 1 Hotel And Lodge Booking Management System Project | 1 Hotel And Lodge Booking Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | |||||
| CVE-2020-20981 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. | |||||
| CVE-2020-20975 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. | |||||
| CVE-2020-20800 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. | |||||
| CVE-2020-20797 | 1 Flamecms Project | 1 Flamecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. | |||||
| CVE-2020-20796 | 1 Flamecms Project | 1 Flamecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. | |||||
| CVE-2020-20692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | |||||
| CVE-2020-20675 | 1 Nuishop | 1 Nuishop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. | |||||
| CVE-2020-20625 | 1 Slicedinvoices | 1 Sliced Invoices | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. | |||||
| CVE-2020-20585 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. | |||||
| CVE-2020-20583 | 1 8cms | 1 Ljcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information. | |||||
| CVE-2020-20474 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-20473 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-20469 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-20392 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | |||||
| CVE-2020-20340 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | |||||
| CVE-2020-20300 | 1 Weiphp | 1 Weiphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | |||||
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | |||||
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | |||||