Total
17375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6880 | 1 Zte | 2 Zxv10 W908, Zxv10 W908 Firmware | 2024-11-21 | 9.8 Critical |
| A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. | ||||
| CVE-2020-6637 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | ||||
| CVE-2020-6577 | 1 It-recht-kanzlei | 1 It-recht-kanzlei | 2024-11-21 | 9.8 Critical |
| The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. | ||||
| CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 7.2 High |
| Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | ||||
| CVE-2020-6249 | 1 Sap | 3 Master Data Governance \(s4core\), Master Data Governance \(s4fnd\), Master Data Governance \(sap Bs Fnd\) | 2024-11-21 | 8.8 High |
| The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | ||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 8.8 High |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | ||||
| CVE-2020-6145 | 1 Frappe | 1 Erpnext | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6141 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6139 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6138 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6137 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6136 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6135 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6134 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6133 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6132 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6131 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||