Total
15867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26805 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database. | |||||
| CVE-2020-26773 | 1 Restaurant Reservation System Project | 1 Restaurant Reservation System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php. | |||||
| CVE-2020-26712 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases. | |||||
| CVE-2020-26677 | 1 Vfairs | 1 Vfairs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. | |||||
| CVE-2020-26668 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function. | |||||
| CVE-2020-26525 | 1 Damstratechnology | 1 Smart Asset | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. | |||||
| CVE-2020-26518 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | |||||
| CVE-2020-26248 | 1 Prestashop | 1 Productcomments | 2024-11-21 | 6.4 MEDIUM | 6.8 MEDIUM |
| In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module. | |||||
| CVE-2020-26075 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. | |||||
| CVE-2020-26051 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | |||||
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | |||||
| CVE-2020-25990 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-25905 | 1 Mobile Shop System Project | 1 Mobile Shop System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | |||||
| CVE-2020-25889 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. | |||||
| CVE-2020-25839 | 1 Microfocus | 1 Identity Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | |||||
| CVE-2020-25762 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. | |||||
| CVE-2020-25760 | 1 Projectworlds | 1 Visitor Management System In Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||||
| CVE-2020-25751 | 1 Corephp | 1 Pago Commerce | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | |||||
| CVE-2020-25727 | 1 Flexsolution | 1 Reset Password | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | |||||