Total: 17375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23040 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 8.8 High |
| On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2021-22859 | 1 Eic | 1 E-document System | 2024-11-21 | 9.8 Critical |
| The user data querying function of the EIC e-document system does not filter special characters, which allows remote attackers to inject SQL syntax and execute arbitrary commands without privilege. | ||||
| CVE-2021-22856 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2024-11-21 | 9.8 Critical |
| The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in the Cookie and obtain data in the database without privilege. | ||||
| CVE-2021-22854 | 1 Hr Portal Project | 1 Hr Portal | 2024-11-21 | 7.5 High |
| The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | ||||
| CVE-2021-22852 | 1 Hgiga | 1 Oaklouds Openid | 2024-11-21 | 8.8 High |
| HGiga EIP product contains a SQL Injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (online registration) to obtain database schema and data. | ||||
| CVE-2021-22851 | 1 Hgiga | 1 Oaklouds Openid | 2024-11-21 | 9.8 Critical |
| HGiga EIP product contains a SQL Injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (document management page) to obtain database schema and data. | ||||
| CVE-2021-22848 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. | ||||
| CVE-2021-22847 | 1 Hyweb | 1 Hycms-j1 | 2024-11-21 | 8.8 High |
| Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege. | ||||
| CVE-2021-22658 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | ||||
| CVE-2021-22654 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | ||||
| CVE-2021-21937 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2024-11-21 | 8.8 High |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21935 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21934 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21933 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21932 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21931 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21930 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21929 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21928 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||