CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2021 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-27234 89 Sql 2021-02-16 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
2 CVE-2021-27124 89 Sql 2021-02-18 2021-02-24
4.0
None Remote Low ??? Partial None None
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
3 CVE-2021-27101 89 Sql 2021-02-16 2021-02-17
7.5
None Remote Low Not required Partial Partial Partial
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
4 CVE-2021-26904 89 Sql 2021-02-26 2021-03-04
7.5
None Remote Low Not required Partial Partial Partial
LMA ISIDA Retriever 5.2 allows SQL Injection.
5 CVE-2021-26822 89 Exec Code Sql +Info 2021-02-15 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
6 CVE-2021-26754 89 Sql 2021-02-08 2021-02-09
10.0
None Remote Low Not required Complete Complete Complete
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
7 CVE-2021-26751 89 Sql 2021-02-12 2021-02-14
4.0
None Remote Low ??? Partial None None
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
8 CVE-2021-26686 89 Sql +Info 2021-02-23 2021-02-26
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
9 CVE-2021-26685 78 Sql +Info 2021-02-23 2021-02-27
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
10 CVE-2021-26201 89 Sql Bypass 2021-02-15 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.
11 CVE-2021-26200 89 Sql Bypass 2021-02-15 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.
12 CVE-2021-25779 89 Sql 2021-02-17 2021-02-23
7.5
None Remote Low Not required Partial Partial Partial
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
13 CVE-2021-22856 89 Sql 2021-02-17 2021-02-25
5.0
None Remote Low Not required Partial None None
The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.
14 CVE-2021-22854 89 Sql 2021-02-17 2021-02-24
5.0
None Remote Low Not required Partial None None
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
15 CVE-2021-22658 89 Sql 2021-02-11 2021-02-12
7.5
None Remote Low Not required Partial Partial Partial
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
16 CVE-2021-22654 89 Sql 2021-02-11 2021-02-12
5.0
None Remote Low Not required Partial None None
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
17 CVE-2021-21024 89 Sql 2021-02-11 2021-02-16
6.5
None Remote Low ??? Partial Partial Partial
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
18 CVE-2021-20016 89 Sql 2021-02-04 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information. This vulnerability impacts SMA100 build version 10.x.
19 CVE-2021-3239 89 Exec Code Sql 2021-02-15 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
20 CVE-2020-36003 89 Sql 2021-02-17 2021-02-18
5.0
None Remote Low Not required Partial None None
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
21 CVE-2020-36002 89 Sql +Info 2021-02-17 2021-04-01
5.0
None Remote Low Not required Partial None None
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.
22 CVE-2020-35765 89 Sql 2021-02-05 2021-02-17
6.5
None Remote Low ??? Partial Partial Partial
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
23 CVE-2020-35700 89 Exec Code Sql 2021-02-08 2021-02-09
6.5
None Remote Low ??? Partial Partial Partial
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
24 CVE-2020-29163 89 Sql 2021-02-03 2021-02-04
6.5
None Remote Low ??? Partial Partial Partial
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
25 CVE-2020-29143 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
26 CVE-2020-29142 89 Exec Code Sql 2021-02-15 2021-02-18
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
27 CVE-2020-29140 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
28 CVE-2020-29139 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.
29 CVE-2020-27869 89 Sql 2021-02-12 2021-03-26
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.
30 CVE-2020-26051 89 Sql 2021-02-08 2021-02-10
7.5
None Remote Low Not required Partial Partial Partial
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before being passed to a SQL query.
31 CVE-2020-24841 89 Sql 2021-02-16 2021-02-19
7.5
None Remote Low Not required Partial Partial Partial
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
32 CVE-2020-24617 89 Sql 2021-02-19 2021-02-25
6.0
None Remote Medium ??? Partial Partial Partial
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
33 CVE-2020-22425 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
34 CVE-2020-21180 89 Sql 2021-02-01 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page.
35 CVE-2020-21179 89 Sql 2021-02-01 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page.
36 CVE-2020-21176 89 Exec Code Sql 2021-02-01 2021-02-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
37 CVE-2020-20296 89 Exec Code Sql 2021-02-01 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
38 CVE-2020-20295 89 Exec Code Sql 2021-02-01 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
39 CVE-2020-20294 89 Exec Code Sql 2021-02-01 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
40 CVE-2020-20289 89 Sql 2021-02-01 2021-02-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability.
41 CVE-2020-18717 89 Exec Code Sql 2021-02-05 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
42 CVE-2020-18716 89 +Priv Sql 2021-02-05 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
43 CVE-2020-18714 89 +Priv Sql 2021-02-05 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
44 CVE-2020-18713 89 +Priv Sql 2021-02-05 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
45 CVE-2020-18215 89 Exec Code Sql 2021-02-09 2021-02-12
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
46 CVE-2020-16629 89 Sql 2021-02-08 2021-02-10
7.5
None Remote Low Not required Partial Partial Partial
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
47 CVE-2019-25019 89 Sql 2021-02-14 2021-06-04
7.5
None Remote Low Not required Partial Partial Partial
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
Total number of vulnerabilities: 47