Total
15996 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42667 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server. | |||||
| CVE-2021-42666 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | |||||
| CVE-2021-42665 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. | |||||
| CVE-2021-42655 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | |||||
| CVE-2021-42633 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. | |||||
| CVE-2021-42369 | 1 Zucchetti | 1 Imagicle Uc Suite | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | |||||
| CVE-2021-42334 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions. | |||||
| CVE-2021-42333 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions. | |||||
| CVE-2021-42325 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | |||||
| CVE-2021-42313 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42311 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42235 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. | |||||
| CVE-2021-42224 | 1 Ifsc Code Finder Project | 1 Ifsc Code Finder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
| CVE-2021-42185 | 1 Wdja | 1 Wdja | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. | |||||
| CVE-2021-42169 | 1 Simple Payroll System With Dynamic Tax Bracket Project | 1 Simple Payroll System With Dynamic Tax Bracket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads. | |||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
| CVE-2021-42077 | 1 Kaysongroup | 1 Php Event Calendar | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form. | |||||
| CVE-2021-42064 | 1 Sap | 1 Commerce | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values. | |||||
| CVE-2021-41971 | 1 Apache | 1 Superset | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | |||||
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | |||||