Total
15860 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23945 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. | |||||
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||||
| CVE-2020-23763 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2020-23711 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | |||||
| CVE-2020-23685 | 1 Vtimecn | 1 188jianzhan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. | |||||
| CVE-2020-23630 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | |||||
| CVE-2020-23282 | 1 Mv | 1 Mconnect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information. | |||||
| CVE-2020-23262 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. | |||||
| CVE-2020-23150 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | |||||
| CVE-2020-23149 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | |||||
| CVE-2020-23045 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. | |||||
| CVE-2020-22807 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | |||||
| CVE-2020-22781 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | |||||
| CVE-2020-22425 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | |||||
| CVE-2020-22226 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. | |||||
| CVE-2020-22225 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. | |||||
| CVE-2020-22223 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. | |||||
| CVE-2020-22212 | 1 74cms | 1 74cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. | |||||
| CVE-2020-22211 | 1 74cms | 1 74cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. | |||||
| CVE-2020-22210 | 1 74cms | 1 74cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. | |||||