CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (SQL Injection)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2020-35327 89 Sql 2021-03-04 2021-03-10
4.0
None Remote Low ??? Partial None None
SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php
552 CVE-2020-35270 89 Sql 2021-01-26 2021-02-01
6.4
None Remote Low Not required Partial Partial None
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result.
553 CVE-2020-35263 89 Exec Code Sql 2021-01-26 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
554 CVE-2020-35012 89 Sql 2021-12-01 2021-12-03
6.5
None Remote Low ??? Partial Partial Partial
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
555 CVE-2020-29493 89 Exec Code Sql 2021-01-14 2021-01-21
7.5
None Remote Low Not required Partial Partial Partial
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
556 CVE-2020-29437 89 Exec Code Sql 2021-01-05 2021-01-07
5.5
None Remote Low ??? Partial None Partial
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
557 CVE-2020-29214 89 Sql Bypass 2021-06-15 2021-06-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.
558 CVE-2020-29163 89 Sql 2021-02-03 2021-02-04
6.5
None Remote Low ??? Partial Partial Partial
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
559 CVE-2020-29147 89 Sql +Info 2021-07-14 2021-07-16
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.
560 CVE-2020-29143 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
561 CVE-2020-29142 89 Exec Code Sql 2021-02-15 2021-02-18
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
562 CVE-2020-29140 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
563 CVE-2020-29139 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.
564 CVE-2020-29015 89 Exec Code Sql 2021-01-14 2021-01-20
7.5
None Remote Low Not required Partial Partial Partial
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
565 CVE-2020-29011 89 Exec Code Sql 2021-08-04 2021-08-10
6.5
None Remote Low ??? Partial Partial Partial
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
566 CVE-2020-28960 89 Sql 2021-10-22 2021-10-28
10.0
None Remote Low Not required Complete Complete Complete
Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.
567 CVE-2020-28702 89 Sql 2021-11-01 2021-11-08
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information.
568 CVE-2020-28657 89 Sql 2021-03-02 2021-03-04
7.5
None Remote Low Not required Partial Partial Partial
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
569 CVE-2020-28172 89 Sql Bypass 2021-03-31 2021-04-02
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.
570 CVE-2020-28087 89 Sql 2021-08-06 2021-08-14
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.
571 CVE-2020-27869 89 Sql 2021-02-12 2021-03-26
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.
572 CVE-2020-27733 89 Sql 2021-01-19 2021-01-26
6.5
None Remote Low ??? Partial Partial Partial
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
573 CVE-2020-27246 89 Sql 2021-05-11 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
574 CVE-2020-27245 89 Sql 2021-05-11 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
575 CVE-2020-27244 89 Sql 2021-05-11 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
576 CVE-2020-27243 89 Sql 2021-05-11 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
577 CVE-2020-27242 89 Sql 2021-05-11 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
578 CVE-2020-27241 77 Sql 2021-04-19 2021-04-23
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
579 CVE-2020-27240 77 Sql 2021-04-19 2021-04-23
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
580 CVE-2020-27239 89 Sql 2021-04-15 2021-04-21
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
581 CVE-2020-27238 89 Sql 2021-04-15 2021-04-21
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
582 CVE-2020-27237 89 Sql 2021-04-15 2021-04-21
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
583 CVE-2020-27236 89 Sql 2021-04-13 2021-04-14
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
584 CVE-2020-27235 89 Sql 2021-04-13 2021-04-14
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
585 CVE-2020-27234 89 Sql 2021-04-13 2021-04-14
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
586 CVE-2020-27233 89 Sql 2021-04-13 2021-04-14
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
587 CVE-2020-27232 89 Sql 2021-05-10 2021-05-14
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
588 CVE-2020-27231 89 Sql 2021-05-10 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
589 CVE-2020-27230 89 Sql 2021-05-10 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
590 CVE-2020-27229 89 Sql 2021-05-10 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
591 CVE-2020-27226 89 Sql 2021-05-10 2021-05-13
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
592 CVE-2020-26773 89 Exec Code Sql 2021-01-07 2021-01-14
6.5
None Remote Low ??? Partial Partial Partial
Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php.
593 CVE-2020-26712 89 Sql 2021-01-12 2021-07-01
10.0
None Remote Low Not required Complete Complete Complete
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via the sort parameter. The application adds a user-submitted string that is not validated well to the database query, resulting in an SQL injection vulnerability that an attacker can exploit to compromise all databases.
594 CVE-2020-26677 89 Sql 2021-05-26 2021-06-01
6.5
None Remote Low ??? Partial Partial Partial
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.
595 CVE-2020-26668 89 Sql 2021-06-01 2021-06-09
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function.
596 CVE-2020-26051 89 Sql 2021-02-08 2021-02-10
7.5
None Remote Low Not required Partial Partial Partial
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before being passed to a SQL query.
597 CVE-2020-26045 89 Sql 2021-01-05 2021-01-08
7.5
None Remote Low Not required Partial Partial Partial
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
598 CVE-2020-25409 89 Sql 2021-05-24 2021-05-27
7.5
None Remote Low Not required Partial Partial Partial
Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters.
599 CVE-2020-25362 89 Sql 2021-06-02 2021-06-09
5.0
None Remote Low Not required Partial None None
The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases.
600 CVE-2020-24932 89 Sql 2021-10-27 2021-10-29
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
Total number of vulnerabilities: 627. Page 12 of 13.