Total
15998 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44350 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. | |||||
CVE-2021-44349 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | |||||
CVE-2021-44348 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. | |||||
CVE-2021-44347 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | |||||
CVE-2021-44345 | 1 Wvti | 1 One Card Integrated Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | |||||
CVE-2021-44302 | 1 Baicloud-cms Project | 1 Baicloud-cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | |||||
CVE-2021-44280 | 1 Attendance Management System Project | 1 Attendance Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Attendance Management System 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. | |||||
CVE-2021-44249 | 1 Online Motorcycle (bike) Rental System Project | 1 Online Motorcycle (bike) Rental System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | |||||
CVE-2021-44245 | 1 Covid 19 Testing Management System Project | 1 Covid 19 Testing Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | |||||
CVE-2021-44244 | 1 Sourcecodester Logistic Hub Parcel's Management System Project | 1 Sourcecodester Logistic Hub Parcel's Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. | |||||
CVE-2021-44161 | 1 Changingtec | 1 Motp | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
A specific function parameter in the Changing MOTP (Mobile One Time Password) system has insufficient validation of user input. An attacker in the local area network can perform a SQL injection attack to read, modify or delete the backend database without authentication. | |||||
CVE-2021-44135 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Pagekit, all versions as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | |||||
CVE-2021-44098 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise the application's SQL database. | |||||
CVE-2021-44097 | 1 Contact-form-with-messages-entry-management Project | 1 Contact-form-with-messages-entry-management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise the application's SQL database. | |||||
CVE-2021-44096 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise the application's SQL database. | |||||
CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in PHP 1.0 on the login page that allows a remote attacker to compromise the application's SQL database. | |||||
CVE-2021-44090 | 1 Sourcecodester Online Reviewer System Project | 1 Sourcecodester Online Reviewer System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | |||||
CVE-2021-44088 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. | |||||
CVE-2021-44050 | 2 Broadcom, Microsoft | 4 Ca Network Flow Analysis, Windows Server 2012, Windows Server 2016 and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | |||||
CVE-2021-43971 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. |