Security Vulnerabilities Published In May 2021 (SQL Injection)
Each entry lists: # | CVE ID | CWE ID | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Access Complexity | Authentication | Conf./Integ./Avail., followed by the description. The "# of Exploits" column is empty for every entry on this page.

1 | CVE-2021-33470 | CWE-89 | Sql | Published 2021-05-26 | Updated 2021-06-09 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.

2 | CVE-2021-32615 | CWE-89 | Sql | Published 2021-05-13 | Updated 2021-05-21 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.

3 | CVE-2021-32104 | CWE-89 | Sql | Published 2021-05-07 | Updated 2021-05-11 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.

4 | CVE-2021-32102 | CWE-89 | Sql | Published 2021-05-07 | Updated 2021-05-11 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.

5 | CVE-2021-32099 | CWE-89 | Sql Bypass | Published 2021-05-07 | Updated 2021-05-11 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.

6 | CVE-2021-32051 | CWE-89 | Sql | Published 2021-05-14 | Updated 2021-05-21 | Score 5.0 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/None/None
    Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.

7 | CVE-2021-31827 | CWE-89 | Sql | Published 2021-05-18 | Updated 2021-05-25 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. This is in MOVEit.DMZ.WebApp in SILHuman.vb.

8 | CVE-2021-31316 | CWE-89 | Sql | Published 2021-05-18 | Updated 2021-05-24 | Score 10.0 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Complete/Complete/Complete
    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.

9 | CVE-2021-30081 | CWE-89 | Sql | Published 2021-05-24 | Updated 2021-05-27 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.

10 | CVE-2021-29053 | CWE-89 | Exec Code Sql | Published 2021-05-17 | Updated 2021-05-24 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.

11 | CVE-2021-24314 | CWE-89 | Sql | Published 2021-05-17 | Updated 2021-05-24 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue.

12 | CVE-2021-24295 | CWE-89 | Sql | Published 2021-05-17 | Updated 2021-05-24 | Score 5.0 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/None/None
    It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset.

13 | CVE-2021-24285 | CWE-89 | Sql | Published 2021-05-14 | Updated 2021-05-21 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.

14 | CVE-2021-22911 | CWE-20 | Sql | Published 2021-05-27 | Updated 2021-07-30 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.

15 | CVE-2021-20720 | CWE-89 | Exec Code Sql +Info | Published 2021-05-20 | Updated 2021-05-25 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via unspecified vectors.

16 | CVE-2021-1365 | CWE-89 | Sql | Published 2021-05-06 | Updated 2021-05-14 | Score 5.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/None
    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.

17 | CVE-2021-1363 | CWE-89 | Sql | Published 2021-05-06 | Updated 2021-05-14 | Score 5.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/None
    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.

18 | CVE-2020-27246 | CWE-89 | Sql | Published 2021-05-11 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

19 | CVE-2020-27245 | CWE-89 | Sql | Published 2021-05-11 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

20 | CVE-2020-27244 | CWE-89 | Sql | Published 2021-05-11 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

21 | CVE-2020-27243 | CWE-89 | Sql | Published 2021-05-11 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 | CVE-2020-27242 | CWE-89 | Sql | Published 2021-05-11 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

23 | CVE-2020-27232 | CWE-89 | Sql | Published 2021-05-10 | Updated 2021-05-14 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

24 | CVE-2020-27231 | CWE-89 | Sql | Published 2021-05-10 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

25 | CVE-2020-27230 | CWE-89 | Sql | Published 2021-05-10 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

26 | CVE-2020-27229 | CWE-89 | Sql | Published 2021-05-10 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

27 | CVE-2020-27226 | CWE-89 | Sql | Published 2021-05-10 | Updated 2021-05-13 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

28 | CVE-2020-26677 | CWE-89 | Sql | Published 2021-05-26 | Updated 2021-06-01 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.

29 | CVE-2020-25409 | CWE-89 | Sql | Published 2021-05-24 | Updated 2021-05-27 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters.

30 | CVE-2020-15180 | CWE-20 | Exec Code Sql | Published 2021-05-27 | Updated 2021-06-10 | Score 6.8 | Gained access: None | Remote | Medium | Authentication: Not required | C/I/A: Partial/Partial/Partial
    A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

31 | CVE-2020-13873 | CWE-89 | Exec Code Sql Bypass | Published 2021-05-12 | Updated 2021-05-20 | Score 10.0 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Complete/Complete/Complete
    A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)

32 | CVE-2020-4990 | CWE-89 | Sql | Published 2021-05-24 | Updated 2021-05-25 | Score 6.5 | Gained access: None | Remote | Low | Authentication: ??? | C/I/A: Partial/Partial/Partial
    IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.

33 | CVE-2019-12348 | CWE-89 | Sql | Published 2021-05-24 | Updated 2021-05-27 | Score 7.5 | Gained access: None | Remote | Low | Authentication: Not required | C/I/A: Partial/Partial/Partial
    An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
Total number of vulnerabilities : 33   Page : 1 (This Page)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.