CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (SQL Injection)

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Each entry below occupies four lines: the first carries #, CVE ID, CWE ID, vulnerability type(s), publish date and update date (the # of Exploits column is empty for every entry on this page); the second is the CVSS v2 base score; the third carries Gained Access Level, Access, Complexity, Authentication, Conf., Integ. and Avail.; the fourth is the description. A score of 0.0 with ??? in every column means no CVSS v2 data is shown for that entry.
1 CVE-2010-1435 863 Sql Bypass 2021-06-21 2021-09-20
7.5
None Remote Low Not required Partial Partial Partial
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
2 CVE-2013-4717 89 Exec Code Sql 2021-08-09 2021-08-17
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
3 CVE-2019-12348 89 Sql 2021-05-24 2021-05-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
4 CVE-2019-25019 89 Sql 2021-02-14 2021-06-04
7.5
None Remote Low Not required Partial Partial Partial
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
5 CVE-2020-4902 89 Sql 2021-07-01 2021-07-07
6.5
None Remote Low Single system Partial Partial Partial
IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045.
6 CVE-2020-4921 89 Sql 2021-01-20 2021-01-22
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398.
7 CVE-2020-4990 89 Sql 2021-05-24 2021-05-25
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.
8 CVE-2020-5320 89 Exec Code Sql 2021-07-19 2021-07-29
6.5
None Remote Low Single system Partial Partial Partial
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions.
9 CVE-2020-5427 89 Sql 2021-01-27 2021-02-04
6.5
None Remote Low Single system Partial Partial Partial
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
10 CVE-2020-5428 89 Sql 2021-01-27 2021-02-03
6.5
None Remote Low Single system Partial Partial Partial
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
11 CVE-2020-6577 89 Sql 2021-03-19 2021-03-25
7.5
None Remote Low Not required Partial Partial Partial
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows SQL injection via the rechtstext_language parameter of itrk-api.php.
12 CVE-2020-7819 89 Sql 2021-09-07 2021-09-10
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in nTracker USB Enterprise (a secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access usernames, passwords and other session-related information.
13 CVE-2020-10582 89 Sql 2021-03-25 2021-03-27
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.
14 CVE-2020-13566 89 Sql 2021-04-13 2021-04-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is "Delete", the POST parameter delete_group leads to a SQL injection.
15 CVE-2020-13568 89 Sql 2021-04-13 2021-04-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.
16 CVE-2020-13587 89 Sql CSRF 2021-04-09 2021-04-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
17 CVE-2020-13588 89 Sql CSRF 2021-08-17 2021-08-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the 'entities/fields' page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery.
18 CVE-2020-13589 89 Sql CSRF 2021-08-17 2021-08-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields' page (mulitple_edit, copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery.
19 CVE-2020-13591 89 Sql CSRF 2021-04-09 2021-04-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
20 CVE-2020-13592 89 Sql CSRF 2021-04-09 2021-04-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
21 CVE-2020-13873 89 Exec Code Sql Bypass 2021-05-12 2021-05-20
10.0
None Remote Low Not required Complete Complete Complete
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)
22 CVE-2020-15153 89 Sql 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
23 CVE-2020-15180 20 Exec Code Sql 2021-05-27 2021-06-10
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
24 CVE-2020-16629 89 Sql 2021-02-08 2021-02-10
7.5
None Remote Low Not required Partial Partial Partial
PhpOK 5.4.137 contains a SQL injection vulnerability through which attachment data can be injected via SQL; the attachment replacement function can then be called through api.php to write a PHP file to the target path.
25 CVE-2020-18013 89 Sql 2021-07-30 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.
26 CVE-2020-18019 Sql +Info 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.
27 CVE-2020-18020 Exec Code Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
28 CVE-2020-18081 89 Sql 2021-12-17 2021-12-22
5.0
None Remote Low Not required Partial None None
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
29 CVE-2020-18106 89 Sql 2021-08-27 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
30 CVE-2020-18116 89 Sql 2021-08-27 2021-09-01
6.5
None Remote Low Single system Partial Partial Partial
A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection.
31 CVE-2020-18144 89 Sql 2021-07-14 2021-07-22
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php.
32 CVE-2020-18155 89 Sql 2021-07-14 2021-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
33 CVE-2020-18164 89 Sql 2021-08-17 2021-08-25
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.
34 CVE-2020-18175 89 Sql 2021-07-30 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
35 CVE-2020-18215 89 Exec Code Sql 2021-02-09 2021-02-12
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
36 CVE-2020-18262 89 Sql 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
37 CVE-2020-18263 89 Sql 2021-11-03 2021-11-05
5.0
None Remote Low Not required Partial None None
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.
38 CVE-2020-18476 89 Sql 2021-08-26 2021-08-27
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
39 CVE-2020-18477 89 Sql 2021-08-26 2021-08-27
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
40 CVE-2020-18544 89 Exec Code Sql 2021-07-12 2021-07-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
41 CVE-2020-18662 89 Sql 2021-06-24 2021-06-28
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
42 CVE-2020-18667 89 Sql 2021-06-24 2021-09-13
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in WebPort <=1.19.1 via the name parameter of a new connection in type-conn.
43 CVE-2020-18713 89 +Priv Sql 2021-02-05 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
44 CVE-2020-18714 89 +Priv Sql 2021-02-05 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
45 CVE-2020-18716 89 +Priv Sql 2021-02-05 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
46 CVE-2020-18717 89 Exec Code Sql 2021-02-05 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
47 CVE-2020-18746 89 Exec Code Sql 2021-08-18 2021-08-24
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".
48 CVE-2020-18877 89 Sql +Info 2021-08-20 2021-08-23
5.0
None Remote Low Not required Partial None None
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
49 CVE-2020-18913 89 Sql 2021-08-24 2021-09-01
5.0
None Remote Low Not required Partial None None
EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.
50 CVE-2020-19705 89 Sql 2021-08-26 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.
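The Score column of this table is not independent of the six columns that follow it: for CVSS v2 it is computed from them, which is why every Remote / Low / Not required / Partial / Partial / Partial row scores 7.5, every row that differs only in requiring an authenticated user scores 6.5, and the Rukovoditel rows with Medium complexity score 6.8. The following script is an added example, not CVEdetails' own code, that recomputes the base score from a CVSS v2 vector (or from the table's column words) and, for a row whose Authentication column is blank, lists which Authentication value reproduces the displayed score. The mapping of column words to vector values in COLUMN_LABELS is this example's own assumption (words that do not occur on this page, such as Local or Multiple systems, are assumed), as are the function names.

```python
"""Added example (not CVEdetails' own code): recompute the CVSS v2 base
scores in the Score column from the six vector columns of the table above,
using the CVSS v2 base equation and metric weights.

Assumptions: COLUMN_LABELS maps the column words used on this page to
vector values; that mapping and all function names are this example's own.
"""
import math

# CVSS v2 metric weights from the specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},   # Access Vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},    # Access Complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},   # Authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},    # Confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},    # Integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},    # Availability impact
}

# Column words as shown in the table (assumed mapping to vector values).
COLUMN_LABELS = {
    "AV": {"Remote": "N", "Local": "L"},
    "AC": {"Low": "L", "Medium": "M", "High": "H"},
    "Au": {"Not required": "N", "Single system": "S", "Multiple systems": "M"},
    "C": {"None": "N", "Partial": "P", "Complete": "C"},
}
COLUMN_LABELS["I"] = COLUMN_LABELS["A"] = COLUMN_LABELS["C"]


def round_to_1_decimal(x: float) -> float:
    """CVSS v2 rounds half up; Python's round() is half-to-even on floats."""
    return math.floor(x * 10 + 0.5) / 10


def parse_vector(vector: str) -> dict:
    """'AV:N/AC:L/Au:N/C:P/I:P/A:P' -> {'AV': 'N', ...}; metric order is irrelevant."""
    metrics = dict(item.split(":", 1) for item in vector.split("/"))
    missing = sorted(set(WEIGHTS) - set(metrics))
    if missing:
        raise ValueError(f"vector is missing metrics {missing}")
    return metrics


def cvss2_base_score(vector: str) -> float:
    """Base score per the CVSS v2 equation."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - WEIGHTS["C"][m["C"]])
                          * (1 - WEIGHTS["I"][m["I"]])
                          * (1 - WEIGHTS["A"][m["A"]]))
    exploitability = (20 * WEIGHTS["AV"][m["AV"]]
                         * WEIGHTS["AC"][m["AC"]]
                         * WEIGHTS["Au"][m["Au"]])
    f_impact = 0.0 if impact == 0 else 1.176
    return round_to_1_decimal((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


def vector_from_columns(access, complexity, auth, conf, integ, avail) -> str:
    """Build the vector string from the Access ... Avail. column words."""
    return "/".join([
        "AV:" + COLUMN_LABELS["AV"][access],
        "AC:" + COLUMN_LABELS["AC"][complexity],
        "Au:" + COLUMN_LABELS["Au"][auth],
        "C:" + COLUMN_LABELS["C"][conf],
        "I:" + COLUMN_LABELS["I"][integ],
        "A:" + COLUMN_LABELS["A"][avail],
    ])


def infer_authentication(score: float, partial_vector: str) -> list:
    """For a row whose Authentication column is blank, list the Au values
    that reproduce the displayed score together with the other five metrics."""
    return [au for au in ("N", "S", "M")
            if cvss2_base_score(f"{partial_vector}/Au:{au}") == score]


if __name__ == "__main__":
    # Row 3 of the table: Remote / Low / Not required / Partial x 3.
    print(cvss2_base_score(vector_from_columns(
        "Remote", "Low", "Not required", "Partial", "Partial", "Partial")))
    # Row 2 of the table: score 6.5 with the same columns except Authentication.
    print(infer_authentication(6.5, "AV:N/AC:L/C:P/I:P/A:P"))
```

Run stand-alone it prints 7.5 and ['S']: a 6.5 with Remote / Low / Partial x 3 is only reachable with single-factor authentication, so the 6.5 rows above are post-authentication bugs even where the description does not say so.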
Total number of vulnerabilities: 627 (page 1 of 13).
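The descriptions above repeat one pattern: a request parameter (an id, a username, a search keyword) is concatenated into a query "without filtering". As an added example, not code from CVEdetails or from any of the listed projects, the following Python script shows that pattern against an in-memory SQLite database, with the deliberately vulnerable form beside the parameterized form. The schema, the two sample accounts and the two payloads are constructed for illustration, and the function names are this example's own.

```python
"""Added example (not from CVEdetails or any listed project): the CWE-89
pattern behind most entries above, shown against an in-memory SQLite
database.  Schema, sample rows, parameters and payloads are constructed
here for illustration.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [(1, "admin", "s3cret", 1), (2, "alice", "hunter2", 0)],
    )
    conn.commit()
    return conn


def lookup_by_id_vulnerable(conn, raw_id: str):
    """Deliberately vulnerable: the request parameter is pasted into the SQL,
    the 'passed without filtering' pattern named in several entries above."""
    query = f"SELECT id, username FROM users WHERE id = {raw_id}"
    return conn.execute(query).fetchall()


def lookup_by_id_safe(conn, raw_id: str):
    """Hardened: the parameter is bound, so its content is data, never syntax."""
    return conn.execute(
        "SELECT id, username FROM users WHERE id = ?", (raw_id,)
    ).fetchall()


def check_user_vulnerable(conn, username: str, password: str):
    """Deliberately vulnerable login check built by string formatting."""
    query = (
        "SELECT id, username, is_admin FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def check_user_safe(conn, username: str, password: str):
    """Hardened login check with bound parameters (a real application would
    also hash passwords; kept plain here to keep the comparison visible)."""
    return conn.execute(
        "SELECT id, username, is_admin FROM users "
        "WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo() -> dict:
    """Run both payloads against both forms and return the four results."""
    conn = build_db()
    results = {
        # A tautology turns a single-row lookup into a dump of the table.
        "id_vuln": lookup_by_id_vulnerable(conn, "1 OR 1=1"),
        # Bound as a string, '1 OR 1=1' matches no integer id.
        "id_safe": lookup_by_id_safe(conn, "1 OR 1=1"),
        # A closing quote plus an SQL comment drops the password check.
        "login_vuln": check_user_vulnerable(conn, "admin' -- ", "wrong"),
        # Bound, the same string is just a username nobody has.
        "login_safe": check_user_safe(conn, "admin' -- ", "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable id lookup returns both rows for the payload `1 OR 1=1` and the vulnerable login returns the admin row for the username `admin' -- ` with a wrong password; the bound versions return nothing for the same inputs. The fix is the same in every entry above regardless of the parameter's name: bind user input, never build the statement from it.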