CVEdetails.com

Security Vulnerabilities Published In 2021 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
251 | CVE-2021-29053 | 89 | | Exec Code Sql | 2021-05-17 | 2021-05-24 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.
252 | CVE-2021-29004 | 89 | | Sql | 2021-10-11 | 2021-10-16 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in the MySQL server is not set and the MySQL server is the same host as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
253 | CVE-2021-28993 | 89 | | Sql +Info | 2021-06-30 | 2021-07-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Plixer Scrutinizer 19.0.2 is affected by SQL injection. The impact is disclosure of sensitive information (remote).
254 | CVE-2021-28970 | 89 | | Sql | 2021-04-01 | 2021-04-07 | 4.0 | None | Remote | Low | Single system | Partial | None | None
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.
255 | CVE-2021-28969 | 89 | | Sql | 2021-04-01 | 2021-04-07 | 4.0 | None | Remote | Low | Single system | Partial | None | None
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
256 | CVE-2021-28925 | 89 | | Sql | 2021-04-08 | 2021-04-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
257 | CVE-2021-28890 | 89 | | Sql | 2021-08-12 | 2021-08-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.
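The J2eeFAST entry above names the root cause that most rows on this page share: a request parameter is joined into the SQL text (MyBatis `${}`) instead of being bound as a value (`#{}`). The following Python/sqlite3 example is added by the editor and is not code from J2eeFAST or any other project listed here; the `sys_user` table, its rows and the `10 OR 1=1` payload are constructed for the demonstration. It runs the same request value through an interpolated query and through a bound one so the difference is visible in the rows returned.

```python
import sqlite3

# Constructed sample table (not data from any product on this page): the kind of
# table a "sys/user/list?compId=..." endpoint would filter on.
SAMPLE_USERS = [
    (1, "alice", 10),
    (2, "bob", 10),
    (3, "carol", 20),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user (id INTEGER, name TEXT, comp_id INTEGER)")
    conn.executemany("INSERT INTO sys_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def list_users_interpolated(conn: sqlite3.Connection, comp_id: str) -> list:
    # Same effect as MyBatis ${compId}: the request value is spliced into the
    # SQL text before parsing, so SQL syntax inside it is executed as SQL.
    sql = f"SELECT id, name FROM sys_user WHERE comp_id = {comp_id}"
    return conn.execute(sql).fetchall()


def list_users_bound(conn: sqlite3.Connection, comp_id: str) -> list:
    # Same effect as MyBatis #{compId}: the statement is parsed with a
    # placeholder and the value is bound afterwards, so it is only ever
    # compared with comp_id and never parsed as SQL.
    sql = "SELECT id, name FROM sys_user WHERE comp_id = ?"
    return conn.execute(sql, (comp_id,)).fetchall()


def demo() -> dict:
    conn = make_db()
    benign = "10"
    hostile = "10 OR 1=1"  # constructed payload: turns the WHERE clause into a tautology
    return {
        "interpolated_benign": list_users_interpolated(conn, benign),
        "interpolated_hostile": list_users_interpolated(conn, hostile),
        "bound_benign": list_users_bound(conn, benign),
        "bound_hostile": list_users_bound(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:22s} -> {rows}")
```

With the bound query the hostile value is compared as text against an integer column and matches nothing, which is the behaviour to expect from a fixed endpoint; the interpolated query returns every row. The same split applies to `${}` versus `#{}` in MyBatis mappers: `${}` is only defensible for identifiers taken from an allowlist, never for request values.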
258 | CVE-2021-28828 | 89 | | Sql | 2021-04-20 | 2021-04-23 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
259 | CVE-2021-28668 | 89 | | Sql | 2021-03-29 | 2021-04-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 have several SQL injection vulnerabilities.
260 | CVE-2021-28423 | 89 | | Exec Code Sql | 2021-07-01 | 2021-07-07 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
261 | CVE-2021-28419 | 89 | | Sql | 2021-03-18 | 2021-04-27 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
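The SEO Panel `order_col` entry, like the FireEye `sort_by` and Nagios `o[col]` entries above, is an injection into a sort column. That case deserves its own example because the usual fix does not apply: ORDER BY takes an identifier, a bound parameter there is just a constant, so developers end up pasting the raw value into the statement. The Python/sqlite3 example below is added by the editor and is not code from SEO Panel or any other product on this page; the `users` table, the `api_key` column and the `ALLOWED_SORT_COLUMNS` map are constructed for the demonstration. It shows the vulnerable pattern, the wrong fix, the allowlist fix, and how an attacker turns row order into a boolean oracle (the time-based variant in the entry works the same way, with a delay standing in for the order).

```python
import sqlite3

# Explicit map from client-facing sort names to real column names. Anything
# not listed is rejected, so nothing from the request reaches the SQL text.
ALLOWED_SORT_COLUMNS = {"id": "id", "name": "name", "created": "created_at"}


def make_db() -> sqlite3.Connection:
    # Constructed sample data (not from any product on this page).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, name TEXT, created_at TEXT, api_key TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [
            (1, "bob", "2021-03-01", "k-secret"),
            (2, "alice", "2021-02-01", "k-other"),
            (3, "carol", "2021-01-01", "k-third"),
        ],
    )
    return conn


def names_ordered_by_interpolated(conn, order_col: str) -> list:
    # Vulnerable: ORDER BY wants an identifier or expression, so the parameter
    # is pasted into the SQL text and any expression the client sends runs.
    rows = conn.execute(f"SELECT name FROM users ORDER BY {order_col}")
    return [r[0] for r in rows]


def names_ordered_by_bound(conn, order_col: str) -> list:
    # Wrong fix: a bound parameter here is a constant string, so every row has
    # the same sort key and the requested column is silently ignored.
    rows = conn.execute("SELECT name FROM users ORDER BY ?", (order_col,))
    return [r[0] for r in rows]


def names_ordered_by_allowlisted(conn, order_col: str) -> list:
    # Fix: translate the request value through the allowlist and interpolate
    # only the trusted column name taken from our own map.
    column = ALLOWED_SORT_COLUMNS.get(order_col)
    if column is None:
        raise ValueError(f"unsupported sort column: {order_col!r}")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column}")
    return [r[0] for r in rows]


def order_by_oracle(conn, condition_sql: str) -> bool:
    # Boolean oracle built on the vulnerable function: when the condition is
    # true the rows come back in id order (bob first), otherwise reversed.
    payload = f"(CASE WHEN ({condition_sql}) THEN id ELSE -id END)"
    return names_ordered_by_interpolated(conn, payload)[0] == "bob"


def leak_api_key(conn, user_id: int = 1, max_len: int = 8) -> str:
    # Recovers a secret one character at a time through the ordering oracle;
    # a time-based variant would read the response delay instead of the order.
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in "abcdefghijklmnopqrstuvwxyz-":
            cond = f"(SELECT substr(api_key, {pos}, 1) FROM users WHERE id = {user_id}) = '{ch}'"
            if order_by_oracle(conn, cond):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the string
    return recovered


if __name__ == "__main__":
    db = make_db()
    print(names_ordered_by_allowlisted(db, "name"))
    print(leak_api_key(db))
```

The allowlist version raises on the oracle payload instead of running it, which is the check to look for when reviewing a fix for any of the sort-parameter entries on this page: the column name in the final statement must come from the application's own table of names, not from the request.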
262 | CVE-2021-28381 | 89 | | Sql | 2021-03-16 | 2021-03-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
263 | CVE-2021-28295 | 89 | | Sql | 2021-03-16 | 2021-03-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.
264 | CVE-2021-28245 | 89 | | Sql | 2021-03-31 | 2021-04-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
265 | CVE-2021-28242 | 77 | | Sql +Info | 2021-04-15 | 2021-06-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
266 | CVE-2021-28157 | 89 | | Exec Code Sql | 2021-04-14 | 2021-04-21 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
267 | CVE-2021-28142 | 89 | | Sql | 2021-04-06 | 2021-04-19 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete" (autocomplete filter).
268 | CVE-2021-28053 | 89 | | Exec Code Sql | 2021-07-16 | 2021-08-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
269 | CVE-2021-28022 | 89 | | Sql | 2021-11-08 | 2021-11-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
270 | CVE-2021-27999 | 89 | | Sql | 2021-08-19 | 2021-08-24 | 4.0 | None | Remote | Low | Single system | None | Partial | None
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
271 | CVE-2021-27973 | 89 | | Sql | 2021-04-02 | 2021-04-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
272 | CVE-2021-27950 | 89 | | Exec Code Sql | 2021-07-02 | 2021-07-06 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
273 | CVE-2021-27948 | 89 | | Sql | 2021-03-15 | 2021-03-16 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
274 | CVE-2021-27947 | 89 | | Sql | 2021-03-15 | 2021-03-16 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
275 | CVE-2021-27946 | 89 | | Sql | 2021-03-15 | 2021-03-23 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
276 | CVE-2021-27928 | 78 | | Exec Code Sql | 2021-03-19 | 2022-01-04 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
277 | CVE-2021-27890 | 89 | | Sql | 2021-03-15 | 2021-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
278 | CVE-2021-27828 | 89 | | Sql | 2021-06-01 | 2021-06-09 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
279 | CVE-2021-27672 | 89 | | Sql +Info | 2021-04-15 | 2021-04-21 | 4.0 | None | Remote | Low | Single system | Partial | None | None
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
280 | CVE-2021-27644 | 89 | | Sql | 2021-11-01 | 2021-11-02 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to a MySQL data source with an internal login account and password.)
281 | CVE-2021-27581 | 89 | | Sql | 2021-03-05 | 2021-03-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
282 | CVE-2021-27545 | 89 | | Sql +Info | 2021-04-15 | 2021-04-21 | 4.0 | None | Remote | Low | Single system | Partial | None | None
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
283 | CVE-2021-27320 | 89 | | Sql | 2021-03-24 | 2021-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
284 | CVE-2021-27319 | 89 | | Sql | 2021-03-24 | 2021-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
285 | CVE-2021-27316 | 89 | | Sql | 2021-03-24 | 2021-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the lastname parameter.
286 | CVE-2021-27315 | 89 | | Sql | 2021-03-24 | 2021-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
287 | CVE-2021-27314 | 89 | | Sql | 2021-03-05 | 2021-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection in admin.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the username parameter at the login page.
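The Doctor Appointment System rows above (blind injection through several `contactus.php` parameters and the `admin.php` login form) are what a defender usually sees as a burst of near-identical requests from one source, with the time-based ones standing out by response time. The Python example below is added by the editor and is not code from any product on this page: it parses constructed Apache combined-format access-log lines with the response time in microseconds appended (the `%D` field), decodes the request target repeatedly to defeat double-encoding, scores each request against a small set of SQL injection signatures, and raises the severity of a time-based probe when the server actually stalled. The log lines, addresses, signatures and the 3-second threshold are all constructed for the demonstration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache combined format plus the %D response time
# in microseconds). Not real traffic; the addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Mar/2021:10:15:01 +0000] "GET /contactus.php?firstname=john&comment=hello+world HTTP/1.1" 200 512 "-" "Mozilla/5.0" 1800
203.0.113.7 - - [24/Mar/2021:10:15:02 +0000] "GET /contactus.php?firstname=john%27+AND+SLEEP%285%29--+- HTTP/1.1" 200 512 "-" "Mozilla/5.0" 5004200
203.0.113.7 - - [24/Mar/2021:10:15:03 +0000] "GET /admin.php?username=admin%27+OR+%271%27%3D%271&password=x HTTP/1.1" 302 0 "-" "Mozilla/5.0" 2100
198.51.100.4 - - [24/Mar/2021:10:16:10 +0000] "GET /archive.php?order_col=name HTTP/1.1" 200 9031 "-" "Mozilla/5.0" 2500
198.51.100.4 - - [24/Mar/2021:10:16:11 +0000] "GET /archive.php?order_col=%2528SELECT%2B1%2529 HTTP/1.1" 200 9031 "-" "Mozilla/5.0" 2600
198.51.100.4 - - [24/Mar/2021:10:16:12 +0000] "GET /search.php?id=1+UNION+SELECT+1%2C2%2C3-- HTTP/1.1" 500 0 "-" "Mozilla/5.0" 2200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<micros>\d+)$'
)

# Signature names follow the injection techniques that appear in this listing.
SIGNATURES = {
    "tautology": re.compile(r"""(?i)['"]\s*or\s+['"]?\w+['"]?\s*=\s*['"]?\w+"""),
    "union_select": re.compile(r"(?i)\bunion\b(?:\s+all)?\s+select\b"),
    "time_based": re.compile(r"(?i)\b(?:sleep|benchmark|pg_sleep|waitfor\s+delay)\b"),
    "subquery": re.compile(r"(?i)\(\s*select\b"),
    "comment_tail": re.compile(r"--|/\*"),
}
SLOW_THRESHOLD_US = 3_000_000  # assumed: slower than 3 s counts as "stalled"


def fully_decode(s: str, rounds: int = 3) -> str:
    # Decode until stable so a double-encoded payload (%2528 -> %28 -> "(") is
    # seen in the form the application's own decoder hands to the SQL layer.
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def severity(techniques: set, micros: int) -> str:
    if "time_based" in techniques and micros >= SLOW_THRESHOLD_US:
        return "high"  # the server waited: the injected SLEEP actually ran
    if techniques & {"union_select", "tautology"}:
        return "high"
    return "medium"


def analyze(lines) -> list:
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than stop the pipeline
        target = fully_decode(m["target"])
        hits = {name for name, rx in SIGNATURES.items() if rx.search(target)}
        if not hits:
            continue
        micros = int(m["micros"])
        findings.append({
            "ip": m["ip"],
            "path": target.split("?", 1)[0],
            "techniques": sorted(hits),
            "severity": severity(hits, micros),
            "micros": micros,
        })
    return findings


def summarize(findings) -> dict:
    # Flagged requests per source: a burst from one address is the blind
    # enumeration pattern even when each request on its own looks minor.
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG.splitlines())
    for f in found:
        print(f)
    print(summarize(found))
```

Two caveats a practitioner would raise: access logs carry only the request line, so injection through POST parameters (the `searchdata` and login-form entries on this page) never shows up here and needs a WAF or application-level log; and the signatures are heuristics that a determined attacker can evade, whereas the response-time correlation is hard to hide and is the most reliable single signal for the time-based blind cases.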
288 | CVE-2021-27234 | 89 | | Sql | 2021-02-16 | 2021-02-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
289 | CVE-2021-27130 | 89 | | Sql Bypass | 2021-04-14 | 2021-04-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.
290 | CVE-2021-27124 | 89 | | Sql | 2021-02-18 | 2021-02-24 | 4.0 | None | Remote | Low | Single system | Partial | None | None
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
291 | CVE-2021-27101 | 89 | | Sql | 2021-02-16 | 2021-02-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
292 | CVE-2021-27021 | 89 | | Sql | 2021-07-20 | 2022-01-24 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
A flaw was discovered in Puppet DB; it results in an escalation of privileges that allows the user to delete tables via an SQL query.
293 | CVE-2021-26966 | 89 | | Sql +Info | 2021-03-05 | 2021-03-10 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None
A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
294 | CVE-2021-26965 | 89 | | Sql +Info | 2021-03-05 | 2021-03-10 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None
A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
295 | CVE-2021-26935 | 89 | | Sql | 2021-03-18 | 2021-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.
296 | CVE-2021-26904 | 89 | | Sql | 2021-02-26 | 2021-03-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
LMA ISIDA Retriever 5.2 allows SQL Injection.
297 | CVE-2021-26830 | 89 | | Sql | 2021-04-16 | 2021-04-19 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
298 | CVE-2021-26822 | 89 | | Exec Code Sql +Info | 2021-02-15 | 2021-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
299 | CVE-2021-26795 | 89 | | Sql +Info | 2021-11-14 | 2021-11-17 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.
300 | CVE-2021-26765 | 89 | | Sql | 2021-07-22 | 2021-09-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.
Total number of vulnerabilities: 627 (page 6 of 13; entries 251 to 300 on this page)