Total: 15871 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-5766 | 1 Srs Simple Hits Counter Project | 1 Srs Simple Hits Counter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. |
CVE-2020-5726 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. |
CVE-2020-5725 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. |
CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. |
CVE-2020-5659 | 1 Riken | 1 Xoonips | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
CVE-2020-5651 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. |
CVE-2020-5624 | 1 Riken | 1 Xoonips | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
CVE-2020-5579 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in Paid Memberships versions prior to 2.3.3 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. |
CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Gila CMS 1.11.8 allows SQL injection via the /admin/sql?query= parameter. |
CVE-2020-5511 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. |
CVE-2020-5510 | 1 Hostel Management System Project | 1 Hostel Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. |
CVE-2020-5428 | 1 Vmware | 1 Spring Cloud Task | 2024-11-21 | 6.5 MEDIUM | 6.0 MEDIUM | Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. |
CVE-2020-5427 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | In Spring Cloud Data Flow versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. |
CVE-2020-5320 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2024-11-21 | 6.5 MEDIUM | 9.0 CRITICAL | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions. |
CVE-2020-5307 | 1 Phpgurukul Dairy Farm Shop Management System Project | 1 Phpgurukul Dairy Farm Shop Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. |
CVE-2020-5292 | 1 Leantime | 1 Leantime | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH | Leantime before versions 2.0.15 and 2.1-beta3 has a SQL injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries, negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data such as users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers" when sending a POST request to "/tickets/showKanban" with a valid session. In the code, the parameter is named "users" in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3. |
CVE-2020-5257 | 1 Thoughtbot | 1 Administrate | 2024-11-21 | 5.5 MEDIUM | 7.7 HIGH | In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high impact, exploiting it requires access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in version 0.13.0. |
CVE-2020-5192 | 1 Phpgurukul | 1 Hospital Management System In Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters do not validate user input, allowing the application's database and information to be fully compromised. |
CVE-2020-4990 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710. |
CVE-2020-4921 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | IBM Security Guardium 10.6 and 11.2 are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398. |