Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26200 | 1 Library System Project | 1 Library System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. | |||||
| CVE-2021-26114 | 1 Fortinet | 1 Fortiwan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-25899 | 1 Void | 1 Aurall Rec Monitor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1. | |||||
| CVE-2021-25874 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. | |||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||||
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | |||||
| CVE-2021-25779 | 1 Baby Care System Project | 1 Baby Care System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. | |||||
| CVE-2021-25482 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 5.9 MEDIUM |
| SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. | |||||
| CVE-2021-25427 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information | |||||
| CVE-2021-25213 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | |||||
| CVE-2021-25212 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. | |||||
| CVE-2021-25209 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php . | |||||
| CVE-2021-25205 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php . | |||||
| CVE-2021-25202 | 1 Sales And Inventory System Project | 1 Sales And Inventory System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | |||||
| CVE-2021-25201 | 1 Learning Management System Project | 1 Learning Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. | |||||
| CVE-2021-25153 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25114 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection | |||||
| CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link. | |||||
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | |||||
| CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | |||||