Total
15871 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6128 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6127 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6126 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6125 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6124 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6123 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6122 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6121 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6120 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6119 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6118 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6117 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6114 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6010 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection | |||||
| CVE-2020-6009 | 1 Learndash | 1 Learndash | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. | |||||
| CVE-2020-5920 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. | |||||
| CVE-2020-5841 | 1 Opservices | 1 Opmon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication. | |||||
| CVE-2020-5768 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. | |||||