Total
17393 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0153 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 7.5 High |
| SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | ||||
| CVE-2021-4313 | 1 Nethserver-phonenehome Project | 1 Nethserver-phonenehome | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The identifier of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fix this issue. The identifier VDB-218393 was assigned to this vulnerability. | ||||
| CVE-2021-4301 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-4208 | 1 Exportfeed | 1 Exportfeed | 2024-11-21 | 7.2 High |
| The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users | ||||
| CVE-2021-4088 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 8.4 High |
| SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. | ||||
| CVE-2021-46459 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 High |
| Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. | ||||
| CVE-2021-46458 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 High |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. | ||||
| CVE-2021-46451 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. | ||||
| CVE-2021-46448 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 9.8 Critical |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. | ||||
| CVE-2021-46446 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 9.8 Critical |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. | ||||
| CVE-2021-46445 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 9.8 Critical |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. | ||||
| CVE-2021-46444 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 9.8 Critical |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | ||||
| CVE-2021-46436 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | ||||
| CVE-2021-46427 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | ||||
| CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 High |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | ||||
| CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 High |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | ||||
| CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 9.8 Critical |
| There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser | ||||
| CVE-2021-46309 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. | ||||
| CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter. | ||||
| CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | ||||