CVEdetails.com: Security Vulnerabilities Published in July 2021 (SQL Injection)
Fields per entry: CVE ID | CWE ID | Vulnerability type(s) | Publish date | Update date | CVSS score | Gained access level | Access vector | Access complexity | Authentication | Confidentiality / Integrity / Availability impact. The description follows each entry.

1. CVE-2021-37593 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-30 | Updated: 2021-09-21 | CVSS: 6.4 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / None
   PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.

2. CVE-2021-37478 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-08-03 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to SQL injection on parameter `block-order`, which results in arbitrary SQL query execution in the backend database.

3. CVE-2021-37477 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-07-28 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   In NavigateCMS version 2.9.4 and below, a function in `structure.php` is vulnerable to SQL injection on parameter `children_order`, which results in arbitrary SQL query execution in the backend database.

4. CVE-2021-37476 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-07-28 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   In NavigateCMS version 2.9.4 and below, a function in `product.php` is vulnerable to SQL injection on parameter `id` through a POST request, which results in arbitrary SQL query execution in the backend database.

5. CVE-2021-37475 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-07-28 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   In NavigateCMS version 2.9.4 and below, a function in `templates.php` is vulnerable to SQL injection on parameter `template-properties-order`, which results in arbitrary SQL query execution in the backend database.

6. CVE-2021-37473 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-07-28 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   In NavigateCMS version 2.9.4 and below, a function in `product.php` is vulnerable to SQL injection on parameter `products-order` through a POST request, which results in arbitrary SQL query execution in the backend database.

7. CVE-2021-36624 | CWE-89 | Type: Sql, Bypass | Published: 2021-07-30 | Updated: 2021-11-06 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

8. CVE-2021-36621 | CWE-89 | Type: Sql | Published: 2021-07-30 | Updated: 2021-10-18 | CVSS: 6.8 | Gained access: None | Vector: Remote | Complexity: Medium | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.

9. CVE-2021-36124 | CWE-287 | Type: Sql | Published: 2021-07-13 | Updated: 2021-07-15 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection.

10. CVE-2021-35458 | CWE-89 | Type: Sql | Published: 2021-07-30 | Updated: 2021-11-05 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.

11. CVE-2021-35042 | CWE-89 | Type: Sql | Published: 2021-07-02 | Updated: 2021-09-21 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

12. CVE-2021-34609 | CWE-89 | Type: Sql | Published: 2021-07-08 | Updated: 2021-07-12 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

13. CVE-2021-34166 | CWE-287 | Type: Sql, Bypass | Published: 2021-07-30 | Updated: 2021-08-04 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   A SQL injection vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to bypass authentication and become Admin.

14. CVE-2021-34165 | CWE-89 | Type: Sql, Bypass | Published: 2021-07-30 | Updated: 2021-08-04 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   A SQL injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to bypass authentication and become Admin.

15. CVE-2021-33578 | CWE-89 | Type: Sql, Bypass | Published: 2021-07-13 | Updated: 2021-07-15 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.

16. CVE-2021-32790 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-08-04 | CVSS: 4.0 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / None / None
   Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site, can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing APIs. Read-only SQL queries can be executed using this exploit; while data will not be returned, by carefully crafting the `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.

17. CVE-2021-32789 | CWE-89 | Type: Sql | Published: 2021-07-26 | Updated: 2021-08-05 | CVSS: 5.0 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / None / None
   woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read-only SQL query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.

18. CVE-2021-30486 | CWE-89 | Type: Sql | Published: 2021-07-22 | Updated: 2021-07-31 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   SysAid 20.3.64 b14 is affected by Blind and Stacked SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).

19. CVE-2021-30117 | CWE-89 | Type: Sql | Published: 2021-07-09 | Updated: 2021-07-12 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection exists in Kaseya VSA before 9.5.6.

20. CVE-2021-29730 | CWE-89 | Type: Sql | Published: 2021-07-09 | Updated: 2021-07-15 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

21. CVE-2021-28423 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-01 | Updated: 2021-07-07 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.

22. CVE-2021-28053 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-16 | Updated: 2021-08-02 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.

23. CVE-2021-27950 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-02 | Updated: 2021-07-06 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.

24. CVE-2021-27021 | CWE-89 | Type: Sql | Published: 2021-07-20 | Updated: 2021-07-29 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

25. CVE-2021-26765 | CWE-89 | Type: Sql | Published: 2021-07-22 | Updated: 2021-09-21 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements via the sid parameter to edit-sub.php.

26. CVE-2021-26764 | CWE-89 | Type: Sql | Published: 2021-07-22 | Updated: 2021-09-21 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to edit-std.php.

27. CVE-2021-26762 | CWE-89 | Type: Sql | Published: 2021-07-22 | Updated: 2021-09-21 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements via the cid parameter to edit-course.php.

28. CVE-2021-26232 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.

29. CVE-2021-26231 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to category.php.

30. CVE-2021-26229 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to edit_stud.php.

31. CVE-2021-26228 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to edit_class1.php.

32. CVE-2021-26226 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to edit_user.php.

33. CVE-2021-26223 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to view_pay.php.

34. CVE-2021-25427 | CWE-89 | Type: Sql | Published: 2021-07-08 | Updated: 2021-07-14 | CVSS: 3.3 | Gained access: None | Vector: Local Network | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / None / None
   SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information.

35. CVE-2021-25213 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-29 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements via the catid parameter to subcat.php.

36. CVE-2021-25212 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to manage_event.php.

37. CVE-2021-25209 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-29 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to view_user.php.

38. CVE-2021-25205 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-29 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements via the update parameter to empViewUpdate.php.

39. CVE-2021-25202 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to \ahira\admin\inventory.php.

40. CVE-2021-25201 | CWE-89 | Type: Sql, +Info | Published: 2021-07-23 | Updated: 2021-07-29 | CVSS: 5.0 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / None / None
   SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.

41. CVE-2021-24451 | CWE-89 | Type: Sql | Published: 2021-07-06 | Updated: 2021-07-09 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection.

42. CVE-2021-24442 | CWE-89 | Type: Sql | Published: 2021-07-12 | Updated: 2021-07-15 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks.

43. CVE-2021-24385 | CWE-89 | Type: Sql | Published: 2021-07-12 | Updated: 2021-07-15 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP POST request. This is a major vulnerability as the user input is not escaped and is passed directly to the get_col function, which allows SQL injection. The REST API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user.

44. CVE-2021-24007 | CWE-89 | Type: Exec Code, Sql | Published: 2021-07-09 | Updated: 2021-07-12 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

45. CVE-2021-23405 | CWE-89 | Type: Sql | Published: 2021-07-09 | Updated: 2021-07-21 | CVSS: 6.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: ??? | Conf/Integ/Avail: Partial / Partial / Partial
   This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class.

46. CVE-2020-36033 | CWE-89 | Type: Sql | Published: 2021-07-22 | Updated: 2021-07-30 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.

47. CVE-2020-35427 | CWE-89 | Type: Exec Code, Sql, Bypass | Published: 2021-07-20 | Updated: 2021-09-21 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

48. CVE-2020-29147 | CWE-89 | Type: Sql, +Info | Published: 2021-07-14 | Updated: 2021-07-16 | CVSS: 5.0 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / None / None
   A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.

49. CVE-2020-23282 | CWE-89 | Type: Sql | Published: 2021-07-21 | Updated: 2021-07-30 | CVSS: 5.0 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / None / None
   SQL injection in the Logon Page of MV's mConnect application, v02.001.00, allows an attacker to use a non-existing user with a generic password to connect to the application and get access to unauthorized information.

50. CVE-2020-21809 | CWE-89 | Type: Sql | Published: 2021-07-30 | Updated: 2021-08-03 | CVSS: 7.5 | Gained access: None | Vector: Remote | Complexity: Low | Auth: Not required | Conf/Integ/Avail: Partial / Partial / Partial
   SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.

Total number of vulnerabilities: 64 (page 1 of 2; this page lists 50).