CWE:
 

Title
Date
Author
Med.
Simple Online Mens Salon Management System 1.0 SQL Injection
06.12.2021
nu11secur1ty
Med.
Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection
04.12.2021
Mohamed Habib Smidi
Med.
CA Network Flow Analysis SQL Injection
02.12.2021
Ken Williams
Med.
Orangescrum 1.8.0 SQL Injection
29.11.2021
Hubert Wojciechowski
Med.
Simple Subscription Website 1.0 SQL Injection
29.11.2021
Daniel Haro
Med.
Gerdab.ir SQL Injection
27.11.2021
E1.Coders
Med.
PHP Event Calendar Lite Edition SQL Injection
25.11.2021
Erik Steltzner
Med.
Fuel CMS 1.4.13 SQL Injection
25.11.2021
Rahad Chowdhury
Med.
Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection
23.11.2021
Ilker Burak Adiyaman
Med.
Webrun 3.6.0.42 SQL Injection
23.11.2021
Vinicius Alves
Med.
Aimeos Laravel ecommerce platform 2021.10 LTS sort SQL injection
22.11.2021
Ilker Burak ADIYAMAN
Med.
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection
22.11.2021
Jason Colyvas
Med.
Simplephpscripts Simple CMS 2.1 Multiple SQL Injection
19.11.2021
Vulnerability Lab
Med.
Online Reviewer System 2.4.0 SQL Injection
17.11.2021
nu11secur1ty
Med.
Mumara Classic 2.93 SQL Injection
14.11.2021
Shain Lakin
Med.
Mult-e-Cart Ultimate 2.4 id SQL Injection
10.11.2021
Vulnerability Lab
Med.
Kmaleon 1.1.0.205 SQL Injection
10.11.2021
Amel Bouziane-Leblond
Med.
Money Transfer Management System 1.0 SQL Injection
09.11.2021
Aryan Chehreghani
Med.
Froxlor 0.10.29.1 SQL Injection
09.11.2021
Martin Cernac
Med.
Opencart 3 Extension TMD Vendor System SQL Injection
05.11.2021
Muhammad Zaki Sulistya
Med.
PHP Melody 3.0 SQL Injection
30.10.2021
Vulnerability Lab
Med.
Build Smart ERP 21.0817 eidValue SQL Injection (Unauthenticated)
28.10.2021
Nehru Sethuraman
Med.
CKAN Datastore Search - SQL-I (Brasil POC)
28.10.2021
Gh05t666nero
Med.
SPA Cart CMS 2021 SQL Injection
27.10.2021
Vulnerability Laborato...
Med.
Simple Issue Tracker System 1.0 SQL Injection
13.10.2021
Bekir Bugra Turkoglu
Med.
IFSC Code Finder Project 1.0 SQL Injection
11.10.2021
Yash Mahajan
Med.
Loan Management System 1.0 SQL Injection
11.10.2021
Merve Oral
Med.
Odine Solutions GateKeeper 1.0 SQL Injection
06.10.2021
Emel Basayar
Med.
Young Entrepreneur E-Negosyo System 1.0 SQL Injection
05.10.2021
Jordan Glover
Med.
Vehicle Service Management System 1.0 SQL Injection
05.10.2021
Richard Jones
Med.
Local Offices Contact Directory Site SQL Injection
05.10.2021
nu11secur1ty
Med.
Blood Bank System 1.0 SQL Injection
03.10.2021
Nitin Sharma
Med.
Exam Form Submission System 1.0 SQL Injection
02.10.2021
Nitin Sharma
Med.
PASS-PHP 1.0 SQL Injection / Cross Site Scripting
28.09.2021
nu11secur1ty
Med.
Pharmacy Point Of Sale System 1.0 SQL Injection
24.09.2021
Janik Wehrli
Med.
Simple Attendance System 1.0 SQL Injection
17.09.2021
Abdullah Khawaja
Med.
Support Board 3.3.3 SQL Injection
15.09.2021
John Jefferson Li
Med.
AHSS-PHP 1.0 Cross Site Scripting / SQL Injection
15.09.2021
nu11secur1ty
Med.
OpenSIS Community 8.0 SQL Injection
11.09.2021
Eric Salario
Med.
Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution
01.09.2021
Tagoletta
Med.
Simple Image Gallery System 1.0 id SQL Injection
29.08.2021
Azumah Foresight Xorla...
Med.
Crime Records Management System 1.0 SQL Injection
23.08.2021
Davide Taraschi
Med.
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection
17.08.2021
LiquidWorm
Med.
4images 1.8 SQL Injection
13.08.2021
Andrey Stoykov
Med.
RATES SYSTEM 1.0 SQL Injection
12.08.2021
Halit Akaydin
Med.
Care2x Integrated Hospital Info System 2.7 SQL Injection
30.07.2021
securityforeveryone
Med.
TripSpark VEO Transportation SQL Injection
28.07.2021
Sedric Louissaint
Med.
Customer Relationship Management System (CRM) 1.0 Sql Injection Authentication Bypass
27.07.2021
Shafique_Wasta
Med.
Zabbix 5.x SQL Injection / Cross Site Scripting
26.07.2021
Taurus Omar
Med.
Schoolsindia SQL Injection
26.07.2021
h4shur
Med.
WordPress LearnPress SQL Injection
21.07.2021
nhattruong
High
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
21.07.2021
LiquidWorm
Med.
PEEL Shopping 9.3.0 SQL Injection
19.07.2021
faisalfs10x
High
Church Management System 1.0 Shell Upload / SQL Injection
09.07.2021
Eleonora Guardini
Med.
Online Covid Vaccination Scheduler System 1.0 SQL Injection
07.07.2021
faisalfs10x
Med.
Online Voting System 1.0 SQL Injection
03.07.2021
deathflash1411
Med.
Garbage Collection Management System 1.0 SQL Injection
02.07.2021
ircashem
Med.
Doctors Patients Management System 1.0 SQL Injection
30.06.2021
Murat Demirci
Med.
phpAbook 0.9i SQL Injection
30.06.2021
Alejandro Perez
Med.
Personnel Record Management System 1.0 SQL Injection
29.06.2021
Richard Jones
Med.
WordPress Poll, Survey, Questionnaire And Voting System 1.5.2 SQL Injection
28.06.2021
Toby Jackson
Med.
Simple Client Management System 1.0 SQL Injection
25.06.2021
Baris Yildizoglu
Med.
Unified Office Total Connect Now 1.0 SQL Injection
22.06.2021
Ajaikumar Nadar
Med.
Small CRM 3.0 Authentication Bypass SQL Injection
22.06.2021
BHAVESH KAUL
Med.
Grocery Crud 1.6.4 SQL Injection
11.06.2021
TonyShavez
Med.
Zenario CMS 8.8.52729 SQL Injection
11.06.2021
Avinash R
Med.
Online Movie Ticket Booking - SQL injection
09.06.2021
Mostafa Farzaneh
Med.
Rocket.Chat 3.12.1 NoSQL Injection / Code Execution
08.06.2021
enox
High
Cacti 1.2.12 SQL Injection / Remote Command Execution
02.06.2021
h00die
Med.
WordPress WP Statistics 13.0.7 SQL Injection
25.05.2021
Mansoor R
Med.
EgavilanMedia PHPCRUD 1.0 SQL Injection
18.05.2021
Dimitrios Mitakos
Low
Bello WordPress Theme <= 1.5.9 - Unauthenticated Blind SQL Injection
17.05.2021
m0ze
Low
Goto WordPress Theme 2.0 - Unauthenticated Blind SQL Injection
17.05.2021
m0ze
High
Printable Staff ID Card Creator System 1.0 Shell Upload / SQL Injection
17.05.2021
bwnz
Med.
Hexagon G!nius Auskunftsportal SQL Injection
15.05.2021
Marcel Keiffenheim
Med.
Dental Clinic Appointment Reservation System 1.0 SQL Injection
13.05.2021
Mesut Cetin
Med.
ERPNext 12.18.0 / 13.0.0 SQL Injection
11.05.2021
Stefan Pietsch
Med.
Timeclock 1.04 Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021
08.05.2021
Tyler Butler
Med.
Voting System 1.0 SQL Injection
07.05.2021
secure77
Low
b2evolution 7-2-2 SQL Injection
06.05.2021
nu11secur1ty
Med.
Gadget Works Online Ordering System 1.0 SQL Injection
04.05.2021
Richard Jones
Med.
Piwigo 11.3.0 SQL Injection
30.04.2021
nu11secur1ty
High
Cacti 1.2.12 filter SQL Injection / Remote Code Execution
29.04.2021
Leonardo Paiva
Med.
SEO Panel 4.8.0 order_col Blind SQL Injection
27.04.2021
nu11secur1ty
High
Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution
21.04.2021
h00die
Med.
Digital Crime Report Management System 1.0 SQL Injection
15.04.2021
Galuh Muhammad Iman Ak...
Med.
CITSmart ITSM 9.1.2.27 SQL Injection
15.04.2021
skys
Med.
PrestaShop 1.7.6.7 SQL Injection
09.04.2021
Vanshal Gaur
Med.
Basic Shopping Cart 1.0 SQL Injection
05.04.2021
Viren Saroha
Med.
Simple Food Website 1.0 SQL Injection
05.04.2021
Richard Jones
Med.
Latrix 0.6.0 SQL Injection
03.04.2021
cptsticky
Med.
Project Expense Monitoring System 1.0 SQL Injection
29.03.2021
Richard Jones
Med.
Ovidentia 6 SQL Injection
26.03.2021
Felipe Prates Donato
Med.
WoWonder Social Network Platform 3.1 event_id SQL Injection
24.03.2021
securityforeveryone.co...
Med.
SEO Panel 4.8.0 SQL Injection
18.03.2021
Piyush Patil
High
Alphaware E-Commerce System 1.0 Shell Upload / SQL Injection
16.03.2021
Christian Vierschillin...
Med.
Monitoring Of Students Cyber Accounts System 1.0 SQL Injection
13.03.2021
Richard Jones
Med.
Monitoring System (Dashboard) 1.0 SQL Injection
13.03.2021
Richard Jones
Med.
QCubed 3.1.1 SQL Injection
13.03.2021
Wolfgang Hotwagner
Med.
Online Ordering System 1.0 Blind SQL Injection (Unauthenticated)
11.03.2021
Suraj Bhosale


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-12-06
Medium
CVE-2021-43035

Vendor: Kaseya
Software: Unitrends backup
 

 
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.

 
Waiting for details
CVE-2021-24943

Updating...
 

 
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.

 
Waiting for details
CVE-2021-24931

Updating...
 

 
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.

 
Waiting for details
CVE-2021-24866

Updating...
 

 
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it in a SQL statement, leading to a SQL injection issue, and could allow arbitrary table deletion.

 
2021-12-03
Medium
CVE-2021-44349

Vendor: Yejiao
Software: Tuzicms
 

 
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.

 
Medium
CVE-2021-44348

Vendor: Yejiao
Software: Tuzicms
 

 
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php.

 
Medium
CVE-2021-44347

Vendor: Yejiao
Software: Tuzicms
 

 
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.

 
Medium
CVE-2021-35414

Vendor: Chamilo
Software: Chamilo lms
 

 
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

 
2021-12-02
Medium
CVE-2021-43679

Vendor: Shopex
Software: Ecshop
 

 
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.

 
Low
CVE-2021-44050

Updating...
 

 
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.

 

 


Copyright 2021, cxsecurity.com

 
