Total
15902 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26965 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-26935 | 1 Wowonder | 1 Wowonder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. | |||||
| CVE-2021-26904 | 1 Isida | 1 Retriever | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LMA ISIDA Retriever 5.2 allows SQL Injection. | |||||
| CVE-2021-26837 | 1 Fortra | 1 Delivernow | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. | |||||
| CVE-2021-26830 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. | |||||
| CVE-2021-26822 | 1 Teachers Record Management System Project | 1 Teachers Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | |||||
| CVE-2021-26795 | 1 Talariax | 1 Sendquick Alert Plus Server Admin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management. | |||||
| CVE-2021-26765 | 1 Student Record System Project | 1 Student Record System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | |||||
| CVE-2021-26764 | 1 Student Record System Project | 1 Student Record System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | |||||
| CVE-2021-26762 | 1 Student Record System Project | 1 Student Record System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2021-26754 | 1 Wpdatatables | 1 Wpdatatables | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. | |||||
| CVE-2021-26751 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application. | |||||
| CVE-2021-26739 | 1 Doyocms Project | 1 Doyocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter. | |||||
| CVE-2021-26686 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-26685 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-26644 | 2 Mangboard, Microsoft | 2 Mangboard Wp, Windows | 2024-11-21 | N/A | 8.8 HIGH |
| SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
| CVE-2021-26636 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation. | |||||
| CVE-2021-26633 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file. | |||||
| CVE-2021-26609 | 1 Mangboard | 1 Mang Board | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information. | |||||
| CVE-2021-26599 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | |||||