CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (SQL Injection)
Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. (the "# of Exploits" column is empty for every entry on this page and is shown as "-"; "???" is the page's own value for Authentication)

#451  CVE-2021-24138  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-18  Updated: 2021-03-24
      Score: 5.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: None  Avail.: Partial
      Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to authenticated SQL injection via the "id" parameter. This requires an admin-privileged user.

#452  CVE-2021-24137  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-18  Updated: 2021-03-23
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.

#453  CVE-2021-24132  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-18  Updated: 2021-03-24
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      The bulk_action, export_full and save_slider_db functionalities of the Slider by 10Web WordPress plugin, versions before 1.2.36, were vulnerable to SQL injection, allowing a high-privileged user (Admin), or a medium one such as Contributor+ (if "Role Options" is turned on for other users), to perform SQL injection attacks.

#454  CVE-2021-24131  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-18  Updated: 2021-03-24
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, they require a high-privilege user (admin+).

#455  CVE-2021-24130  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-18  Updated: 2021-03-24
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings, was vulnerable to SQL injection through a high-privileged user (admin+).

#456  CVE-2021-24125  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-18  Updated: 2021-04-09
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high-privilege user (admin+).

#457  CVE-2021-24007  CWE-89  Exploits: -  Type(s): Exec Code, Sql  Published: 2021-07-09  Updated: 2021-07-12
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

#458  CVE-2021-23837  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-01-15  Updated: 2021-01-22
      Score: 4.0  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: None  Avail.: None
      An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database-related information can be successfully retrieved.

#459  CVE-2021-23463  CWE-611  Exploits: -  Type(s): Sql  Published: 2021-12-10  Updated: 2022-01-03
      Score: 6.4  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: None  Avail.: Partial
      The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) injection via the org.h2.jdbc.JdbcSQLXML class object when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class, it will trigger the vulnerability.

#460  CVE-2021-23405  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-07-09  Updated: 2021-07-21
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      This affects the package pimcore/pimcore before 10.0.7. The issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods of the ClassificationstoreController class.

#461  CVE-2021-23352  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-03-09  Updated: 2021-03-13
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

#462  CVE-2021-23276  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-04-13  Updated: 2021-04-21
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the database.

#463  CVE-2021-23230  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-06-11  Updated: 2021-06-22
      Score: 3.5  Gained Access Level: None  Access: Remote  Complexity: Medium  Authentication: ???  Conf.: None  Integ.: Partial  Avail.: None
      A SQL injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

#464  CVE-2021-23040  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-09-14  Updated: 2021-09-24
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

#465  CVE-2021-22911  CWE-20  Exploits: -  Type(s): Sql  Published: 2021-05-27  Updated: 2021-07-30
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 and 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.

#466  CVE-2021-22910  CWE-74  Exploits: -  Type(s): Sql  Published: 2021-08-09  Updated: 2021-08-17
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.

#467  CVE-2021-22859  CWE-89  Exploits: -  Type(s): Exec Code, Sql  Published: 2021-03-17  Updated: 2021-03-23
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      The users' data querying function of the EIC e-document system does not filter special characters, which allows remote attackers to inject SQL syntax and execute arbitrary commands without privilege.

#468  CVE-2021-22856  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-02-17  Updated: 2021-02-25
      Score: 5.0  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: None  Avail.: None
      The CGE property management system contains SQL injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in the Cookie and obtain data in the database without privilege.

#469  CVE-2021-22854  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-02-17  Updated: 2021-02-24
      Score: 5.0  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: None  Avail.: None
      The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

#470  CVE-2021-22852  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-01-19  Updated: 2021-01-22
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      HGiga EIP product contains a SQL injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (online registration) to obtain the database schema and data.

#471  CVE-2021-22851  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-01-19  Updated: 2021-01-22
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      HGiga EIP product contains a SQL injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (document management page) to obtain the database schema and data.

#472  CVE-2021-22848  CWE-89  Exploits: -  Type(s): Exec Code, Sql  Published: 2021-03-18  Updated: 2021-03-23
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      HGiga MailSherlock contains a SQL injection vulnerability. Remote attackers can inject SQL syntax and execute SQL commands via a URL parameter of email pages without privilege.

#473  CVE-2021-22847  CWE-89  Exploits: -  Type(s): Exec Code, Sql  Published: 2021-01-22  Updated: 2021-01-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.

#474  CVE-2021-22658  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-02-11  Updated: 2021-02-12
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

#475  CVE-2021-22654  CWE-89  Exploits: -  Type(s): Sql  Published: 2021-02-11  Updated: 2021-02-12
      Score: 5.0  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: None  Avail.: None
      Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

#476  CVE-2021-22207  CWE-89  Exploits: -  Type(s): DoS, Sql  Published: 2021-04-23  Updated: 2021-12-26
      Score: 5.0  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: None  Integ.: None  Avail.: Partial
      Excessive memory consumption in the MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or a crafted capture file.

#477  CVE-2021-21937  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'host_alt_filter' parameter. This can be done as any authenticated user or through cross-site request forgery.

#478  CVE-2021-21936  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'health_alt_filter' parameter. This can be done as any authenticated user or through cross-site request forgery.

#479  CVE-2021-21935  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'host_alt_filter2' parameter. This can be done as any authenticated user or through cross-site request forgery.

#480  CVE-2021-21934  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at the 'imei_filter' parameter. This can be done as any authenticated user or through cross-site request forgery.

#481  CVE-2021-21933  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at the 'esn_filter' parameter. This can be done as any authenticated user or through cross-site request forgery.

#482  CVE-2021-21932  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at the 'name_filter' parameter. This can be done as any authenticated user or through cross-site request forgery.

#483  CVE-2021-21931  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the 'stat_filter' parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#484  CVE-2021-21930  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the 'sn_filter' parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#485  CVE-2021-21929  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the 'prod_filter' parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#486  CVE-2021-21928  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the 'mac_filter' parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#487  CVE-2021-21927  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at the 'loc_filter' parameter.

#488  CVE-2021-21926  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-23
      Score: 4.0  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: None  Avail.: None
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at the 'health_filter' parameter.

#489  CVE-2021-21925  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at the 'firm_filter' parameter.

#490  CVE-2021-21924  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at the 'desc_filter' parameter.

#491  CVE-2021-21923  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'company_filter' parameter with the administrative account or through cross-site request forgery.

#492  CVE-2021-21922  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'username_filter' parameter with the administrative account or through cross-site request forgery.

#493  CVE-2021-21921  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'name_filter' parameter with the administrative account or through cross-site request forgery.

#494  CVE-2021-21920  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'surname_filter' parameter with the administrative account or through cross-site request forgery.

#495  CVE-2021-21919  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'ord' parameter. However, the high-privilege super-administrator account needs to be used to achieve exploitation without a cross-site request forgery attack.

#496  CVE-2021-21918  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the 'name_filter' parameter. However, the high-privilege super-administrator account needs to be used to achieve exploitation without a cross-site request forgery attack.

#497  CVE-2021-21917  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      An exploitable SQL injection vulnerability exists in the 'group_list' page of Advantech R-SeeNet 2.4.15 (30.07.2021), at the 'ord' parameter. An attacker can make a specially-crafted, authenticated HTTP request to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#498  CVE-2021-21916  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 7.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf.: Partial  Integ.: Partial  Avail.: Partial
      An exploitable SQL injection vulnerability exists in the 'group_list' page of Advantech R-SeeNet 2.4.15 (30.07.2021), at the 'description_filter' parameter. An attacker can make a specially-crafted, authenticated HTTP request to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#499  CVE-2021-21915  CWE-89  Exploits: -  Type(s): Sql, CSRF  Published: 2021-12-22  Updated: 2021-12-28
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      An exploitable SQL injection vulnerability exists in the 'group_list' page of Advantech R-SeeNet 2.4.15 (30.07.2021), at the 'company_filter' parameter. An attacker can make a specially-crafted, authenticated HTTP request to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

#500  CVE-2021-21465  CWE-89  Exploits: -  Type(s): Exec Code, Sql  Published: 2021-01-12  Updated: 2021-02-11
      Score: 6.5  Gained Access Level: None  Access: Remote  Complexity: Low  Authentication: ???  Conf.: Partial  Integ.: Partial  Avail.: Partial
      The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands, which the database will execute without properly sanitizing the untrusted data, leading to a SQL injection vulnerability that can fully compromise the affected SAP system.
Total number of vulnerabilities: 627. This is page 10 of 13 (entries 451 to 500).