Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Category (CWE): CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
There are 6,315 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-26686

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.

Published: February 23, 2021; 1:15:13 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2020-24617

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.

Published: February 19, 2021; 6:15:12 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.0 MEDIUM
CVE-2021-27124

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.

Published: February 17, 2021; 11:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-25779

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.

Published: February 17, 2021; 10:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-36003

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.

Published: February 17, 2021; 10:15:13 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-36002

Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.

Published: February 17, 2021; 10:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-22854

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

Published: February 17, 2021; 9:15:19 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-22856

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

Published: February 17, 2021; 6:15:15 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-27101

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

Published: February 16, 2021; 4:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-24841

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Published: February 16, 2021; 8:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-27234

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.

Published: February 15, 2021; 11:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-3239

E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.

Published: February 15, 2021; 4:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-26822

Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.

Published: February 15, 2021; 4:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-26201

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.

Published: February 15, 2021; 4:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-26200

The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.

Published: February 15, 2021; 4:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-29143

A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

Published: February 15, 2021; 4:15:13 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-29140

A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

Published: February 15, 2021; 4:15:13 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.

Published: February 15, 2021; 4:15:12 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-29142

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.

Published: February 15, 2021; 3:15:12 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-22425

Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.

Published: February 15, 2021; 1:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM