
Title
Date
Author
Med.
Online-Exam-System 2015 SQL Injection
28.05.2020
Berk Dusunur
Med.
NOKIA VitalSuite SPM 2020 SQL Injection
28.05.2020
Berk Dusunur
Med.
OXID eShop 6.3.4 sorting SQL Injection
27.05.2020
VulnSpy
Med.
Wordpress Plugin Form Maker 5.4.1 s SQL Injection (Authenticated)
25.05.2020
SunCSR
Med.
Technologies 4You SQL Injection Authentication Bypass
22.05.2020
KingSkrupellos
Med.
Victor CMS 1.0 cat_id SQL Injection
22.05.2020
Kishan Lal Choudhary
Med.
DGinteractive Internet Automobile XSS SQL Injection
21.05.2020
KingSkrupellos
Med.
PHP-Fusion 9.03.50 SQL Injection
20.05.2020
SunCSR
Med.
Mikrotik Router Monitoring System 1.2.3 SQL Injection
19.05.2020
jul10l1r4
Med.
WordPress Ajax Load More 5.3.1 SQL Injection
19.05.2020
Nguyen Khang
Med.
Online Healthcare Management System 1.0 SQL Injection
19.05.2020
BKpatron
Med.
vBulletin 5.6.1 SQL Injection
17.05.2020
Photubias
Med.
YesWiki cercopitheque 2020.04.18.1 id SQL Injection
14.05.2020
coiffeur
Med.
Phase Botnet Blind SQL Injection
13.05.2020
Anonymous
Med.
Complaint Management System 1.0 SQL Injection
12.05.2020
BKpatron
Med.
LibreNMS 1.46 search SQL Injection
11.05.2020
Punt
Med.
WordPress ChopSlider 3 SQL Injection
11.05.2020
Callum Murphy
Med.
Victor CMS 1.0 SQL Injection
11.05.2020
BKpatron
Med.
Online AgroCulture Farm Management System 1.0 pid SQL Injection
09.05.2020
BKpatron
Med.
Car Park Management System 1.0 SQL Injection
08.05.2020
Tarun Sehgal
Med.
School File Management System 1.0 SQL Injection
08.05.2020
Tarun Sehgal
Med.
Transinfo Solutions SQL Injection
05.05.2020
h4shur
Med.
iJoomla AdAgency 6.0.9 SQL Injection
05.05.2020
Milad Karimi
Med.
addressbook 9.0.0.1 id SQL Injection
05.05.2020
d4sh&r000
Med.
Fishing Reservation System SQL Injection
05.05.2020
Benjamin Kunz Mejri
Med.
Propellogic SQL Injection
04.05.2020
h4shur
Med.
dreams SQL Injection
04.05.2020
h4shur
Med.
saudi softech SQL Injection
03.05.2020
h4shur
Med.
School ERP Pro 1.0 SQL Injection
01.05.2020
Besim Altinok
Med.
hits script 1.0 SQL Injection
30.04.2020
sajjadbnd
Med.
Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection
28.04.2020
Benjamin Kunz Mejri
Med.
Nido Tecnologia Ra3n Progapanda XSS SQL Injection
26.04.2020
Cyberizm.Org
Med.
Complaint Management System 4.2 SQL Injection
26.04.2020
Besim Altinok
Med.
Car Dealer 5 SQL Injection
21.04.2020
KingSkrupellos
Med.
Centreon 19.10.5 SQL Injection
21.04.2020
Basim Alabdullah
Med.
PMB 5.6 SQL Injection
21.04.2020
41-trk
Med.
Web Designed by MaxPower SQL Injection
20.04.2020
AnonySec
Med.
Webdizajn Glirp.Sk System Glirp XSS SQL Injection
20.04.2020
KingSkrupellos
Med.
Realizzazione 2PWeb SQL Injection
20.04.2020
KingSkrupellos
Med.
MiastoBasketuBukova SQL Injection
20.04.2020
KingSkrupellos
Med.
Macs Framework 1.14f Cross Site Scripting / SQL Injection
16.04.2020
Benjamin Kunz Mejri
Med.
Projekt i Wykonanie Inforpol SQL Injection
15.04.2020
KingSkrupellos
Med.
BayShoreBroadCasting SQL Injection
15.04.2020
KingSkrupellos
Med.
Conception Realisation LTGraf SQL Injection
15.04.2020
KingSkrupellos
Med.
MOVEit Transfer 11.1.1 token Unauthenticated SQL Injection
15.04.2020
Aviv Beniash, Noam Mos...
Med.
Xeroneit Library Management System 3.0 SQL Injection
11.04.2020
Sohel Yousef
Med.
SitesPlus England SQL Injection
09.04.2020
KingSkrupellos
High
Grandstream UCM6200 Series CTI Interface user_password SQL Injection
08.04.2020
Jacob Baines
Med.
Grandstream UCM6200 Series CTI Interface SQL Injection
02.04.2020
Jacob Baines
Med.
Grandstream UCM6200 Series WebSocket 1.0.20.20 user_password SQL Injection
31.03.2020
Jacob Baines
Med.
RsgmLadokGitnialYossuDarso SQL Injection
30.03.2020
KingSkrupellos
Med.
CaesarCannerCityWebSubway GoWeb Taiwan SQL Injection
30.03.2020
KingSkrupellos
Med.
DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting
30.03.2020
thelastvvv
Med.
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting
29.03.2020
thelastvvv
Med.
WordPress Randy Peterman Murph StatTraq 1.1 SQL Injection
29.03.2020
KingSkrupellos
Med.
Brand Group International Oy Finland SQL Injection
29.03.2020
KingSkrupellos
Med.
Taylor Morrison Evergreen-LM Vertilinc Neighborhood SQL Injection
29.03.2020
KingSkrupellos
Med.
CMS dagenDin Norway XSS SQL Injection
27.03.2020
KingSkrupellos
Med.
Soluzione Globale Ecommerce CMS 1 SQL Injection
27.03.2020
thelastvvv
Med.
SharePoint Workflows XOML Injection
25.03.2020
thelastvvv
Med.
SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection
25.03.2020
thelastvvv
Med.
Strassen24 Panomizer XSS SQL Injection
24.03.2020
KingSkrupellos
Med.
Joomla! com_hdwplayer 4.2 search.php SQL Injection
24.03.2020
qw3rTyTy
Med.
Association des Propriétaires des Stations de la Plagne France XSS SQL Injection
22.03.2020
KingSkrupellos
Med.
Websco-Innovations SQL Injection
19.03.2020
KingSkrupellos
Med.
UADMIN Botnet SQL Injection
18.03.2020
n4pst3r
Med.
MiladWorkShop VIP System 1.0 SQL Injection
16.03.2020
ayadi
Med.
ГБОУ ПОО ztte sql injection
14.03.2020
Milad Karimi
Med.
CentOS WebPanel 7 SQL Injection
14.03.2020
Berke Yilmaz
Med.
60CycleCMS news.php SQL Injection
09.03.2020
Unkn0wn
Med.
Sentrifugo HRMS 3.2 SQL Injection
09.03.2020
minhnb
Med.
GUnet OpenEclass 1.7.3 SQL Injection
04.03.2020
emaragkos
Med.
eLection 2.0 id SQL Injection
27.02.2020
J3rryBl4nks
Med.
eLection 2.0 SQL Injection
24.02.2020
J3rryBl4nks
Med.
ATutor 2.2.4 SQL Injection
24.02.2020
Andrey Stoykov
Med.
SOPlanning 1.45 users SQL Injection
17.02.2020
J3rryBl4nks, Homebrewe...
Med.
phpMyChat Plus 1.98 SQL Injection
15.02.2020
J3rryBl4nks
Med.
PackWeb Formap E-learning 1.0 SQL Injection
11.02.2020
Amel Bouziane-Leblond
Med.
QuickDate 1.3.2 SQL Injection
11.02.2020
Ihsan Sencan
Med.
TicketAgenten Germany XSS SQL Injection
31.01.2020
KingSkrupellos
Med.
Daiwa-Cormoran Sportartikel-Vertrieb GmbH XSS SQL Injection
31.01.2020
KingSkrupellos
Med.
DTMobilien GmBH Credit Agency XSS SQL Injection
31.01.2020
KingSkrupellos
Med.
BimBamBanana Gadgets Online Shopping XSS SQL Injection
31.01.2020
KingSkrupellos
Med.
Ozeki Messaging Software Products Hungary XSS SQL Injection
31.01.2020
KingSkrupellos
Med.
Antikvariat-Susice XSS SQL Injection
31.01.2020
KingSkrupellos
Med.
Rukovoditel Project Management CRM 2.5.2 filters SQL Injection
30.01.2020
Fatih Çelik
Med.
Octeth Oempro 4.8 SQL Injection
30.01.2020
Bruno de Barros Bulle
Med.
Webtareas 2.0 SQL Injection
25.01.2020
Greg Priest
Med.
JamJam Informationssysteme Böblingen Voegele-Reisen XSS SQL Injection
24.01.2020
KingSkrupellos
Med.
Stempel-Bestellen OnlineShop Deutschland SQL Injection
23.01.2020
KingSkrupellos
Med.
Kuenstlernachlaesse-Mannheim XSS SQL Injection
23.01.2020
KingSkrupellos
Med.
Shopsystem WebanOS SQL Injection
23.01.2020
KingSkrupellos
Med.
NitroPowered WebGallery SQL Injection
23.01.2020
KingSkrupellos
Med.
Guangzhou China Enonomic Bidding Co Ltd XSS SQL Injection
23.01.2020
KingSkrupellos
Med.
Spvgg Oedheim SportVerein SQL Injection
23.01.2020
KingSkrupellos
Med.
ECTouch ECShop v2.7.3 SQL Injection
22.01.2020
KingSkrupellos
Med.
WordPress WP Fanzone 3.1 SQL Injection
22.01.2020
KingSkrupellos
Med.
Balikesir Üniversitesi SQL İnjection
22.01.2020
Furkan Özer
Med.
Hong Kong Government Public Libraries SQL Injection
21.01.2020
KingSkrupellos
Med.
EuroTur Travel Agency Argentina XSS SQL Injection
21.01.2020
KingSkrupellos


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-05-24
Medium
CVE-2020-13433

Vendor: Adminpanel project
Software: Adminpanel
 

 
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.

 
2020-05-22
Medium
CVE-2020-3184

Vendor: Cisco
Software: Prime collab...
 

 
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete.

 
2020-05-20
Medium
CVE-2020-12034

Vendor: Rockwellautomation
Software: Eds subsystem
 

 
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions.

 
Medium
CVE-2020-5579

Vendor: Paidmembershipspro
Software: Paid members...
 

 
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

 
2020-05-17
Low
CVE-2020-4345

Vendor: IBM
Software: I
 

 
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.

 
2020-05-16
Medium
CVE-2020-13118

Vendor: Mikrotik-router-monitoring-system project
Software: Mikrotik-rou...
 

 
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.

 
2020-05-12
Medium
CVE-2020-6241

Vendor: SAP
Software: Adaptive ser...
 

 
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.

 
Medium
CVE-2020-6249

Vendor: SAP
Software: Master data ...
 

 
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.

 
Medium
CVE-2020-6253

Vendor: SAP
Software: Adaptive ser...
 

 
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.

 
2020-05-09
Medium
CVE-2020-12766

Vendor: Solis
Software: Gnuteca
 

 
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.

 

 


Copyright 2020, cxsecurity.com

 
