CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
601 CVE-2020-24913 89 Sql 2021-03-04 2021-03-22
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
602 CVE-2020-24877 89 Sql Bypass 2021-03-15 2021-03-16
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
603 CVE-2020-24862 89 Sql 2021-06-02 2021-06-09
5.0
None Remote Low Not required Partial None None
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.
604 CVE-2020-24841 89 Sql 2021-02-16 2021-02-19
7.5
None Remote Low Not required Partial Partial Partial
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
605 CVE-2020-24791 89 Sql 2021-03-10 2021-03-12
7.5
None Remote Low Not required Partial Partial Partial
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
606 CVE-2020-24671 89 Sql 2021-06-10 2021-06-11
6.5
None Remote Low ??? Partial Partial Partial
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
607 CVE-2020-24667 89 Sql 2021-06-10 2021-06-11
6.5
None Remote Low ??? Partial Partial Partial
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
608 CVE-2020-24617 89 Sql 2021-02-19 2021-02-25
6.0
None Remote Medium ??? Partial Partial Partial
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
609 CVE-2020-24000 89 Exec Code Sql 2021-11-03 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
610 CVE-2020-23763 89 Exec Code Sql Bypass 2021-04-09 2021-04-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
611 CVE-2020-23711 89 Sql 2021-06-28 2021-07-01
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
612 CVE-2020-23685 89 Exec Code +Priv Sql 2021-11-02 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
613 CVE-2020-23630 89 Sql 2021-01-11 2021-01-14
6.5
None Remote Low ??? Partial Partial Partial
A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).
614 CVE-2020-23282 89 Sql 2021-07-21 2021-07-30
5.0
None Remote Low Not required Partial None None
SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.
615 CVE-2020-23262 89 Sql 2021-01-26 2021-01-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
616 CVE-2020-23150 89 Sql 2021-08-09 2021-08-12
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
617 CVE-2020-23149 89 Sql 2021-08-09 2021-08-12
5.0
None Remote Low Not required Partial None None
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.
618 CVE-2020-23045 89 Sql 2021-10-22 2021-10-29
6.5
None Remote Low ??? Partial Partial Partial
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.
619 CVE-2020-22807 89 Sql 2021-04-29 2021-05-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
620 CVE-2020-22425 89 Exec Code Sql 2021-02-15 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
621 CVE-2020-22226 89 Sql 2021-11-05 2021-11-09
7.5
None Remote Low Not required Partial Partial Partial
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.
622 CVE-2020-22225 89 Sql 2021-11-05 2021-11-09
7.5
None Remote Low Not required Partial Partial Partial
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
623 CVE-2020-22223 89 Sql 2021-11-05 2021-11-09
7.5
None Remote Low Not required Partial Partial Partial
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.
624 CVE-2020-22212 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.
625 CVE-2020-22211 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
626 CVE-2020-22210 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
627 CVE-2020-22209 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
628 CVE-2020-22208 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
629 CVE-2020-22206 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.
630 CVE-2020-22205 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.
631 CVE-2020-22204 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php.
632 CVE-2020-22203 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.
633 CVE-2020-22199 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
634 CVE-2020-22198 89 Sql 2021-06-16 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
635 CVE-2020-22175 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
636 CVE-2020-22174 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
637 CVE-2020-22173 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
638 CVE-2020-22172 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
639 CVE-2020-22171 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
640 CVE-2020-22170 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
641 CVE-2020-22169 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
642 CVE-2020-22168 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
643 CVE-2020-22166 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
644 CVE-2020-22165 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
645 CVE-2020-22164 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
646 CVE-2020-22122 89 Sql 2021-08-18 2021-08-24
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
647 CVE-2020-21809 89 Sql 2021-07-30 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
648 CVE-2020-21808 89 Sql 2021-07-30 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php.
649 CVE-2020-21806 89 Sql 2021-07-30 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.
650 CVE-2020-21726 89 Sql 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
Total number of vulnerabilities: 627 (this is page 13 of 13)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.