CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (SQL Injection)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2021-26764 89 Sql 2021-07-22 2021-09-21
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.
302 CVE-2021-26762 89 Sql 2021-07-22 2021-09-21
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
303 CVE-2021-26754 89 Sql 2021-02-08 2021-02-09
10.0
None Remote Low Not required Complete Complete Complete
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
304 CVE-2021-26751 89 Sql 2021-02-12 2021-02-14
4.0
None Remote Low ??? Partial None None
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
305 CVE-2021-26739 89 Exec Code Sql 2021-11-01 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in pay.php in millken doyocms 2.3 allows attackers to execute arbitrary code via the attribute parameter.
306 CVE-2021-26686 89 Sql +Info 2021-02-23 2021-02-26
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
307 CVE-2021-26685 78 Sql +Info 2021-02-23 2021-02-27
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
308 CVE-2021-26609 89 Sql 2021-10-26 2021-10-28
5.0
None Remote Low Not required Partial None None
A vulnerability was found in Mangboard (WordPress plugin). A SQL injection vulnerability was found in the order_type parameter. The order_type parameter is used to build a SQL query from unfiltered data. This vulnerability allows a remote attacker to steal user information.
309 CVE-2021-26578 89 Sql 2021-03-22 2021-03-25
5.0
None Remote Low Not required Partial None None
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.
310 CVE-2021-26232 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.
311 CVE-2021-26231 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php.
312 CVE-2021-26229 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.
313 CVE-2021-26228 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.
314 CVE-2021-26226 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.
315 CVE-2021-26223 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php.
316 CVE-2021-26201 89 Sql Bypass 2021-02-15 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.
317 CVE-2021-26200 89 Sql Bypass 2021-02-15 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.
318 CVE-2021-25899 89 Sql 2021-04-23 2021-08-13
5.0
None Remote Low Not required Partial None None
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
319 CVE-2021-25874 89 Sql 2021-11-01 2021-11-08
5.0
None Remote Low Not required Partial None None
AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes.
320 CVE-2021-25784 89 Sql 2021-12-02 2021-12-04
6.5
None Remote Low ??? Partial Partial Partial
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
321 CVE-2021-25783 89 Sql 2021-12-02 2021-12-04
6.5
None Remote Low ??? Partial Partial Partial
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
322 CVE-2021-25779 89 Sql 2021-02-17 2021-02-23
7.5
None Remote Low Not required Partial Partial Partial
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
323 CVE-2021-25482 89 Sql 2021-10-06 2021-10-13
3.6
None Local Low Not required None Partial Partial
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow an untrusted application to overwrite some CMFA framework information.
324 CVE-2021-25427 89 Sql 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information
325 CVE-2021-25213 89 Exec Code Sql 2021-07-22 2021-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.
326 CVE-2021-25212 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php.
327 CVE-2021-25209 89 Exec Code Sql 2021-07-22 2021-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php.
328 CVE-2021-25205 89 Exec Code Sql 2021-07-22 2021-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php.
329 CVE-2021-25202 89 Exec Code Sql 2021-07-22 2021-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php.
330 CVE-2021-25201 89 Sql +Info 2021-07-23 2021-07-29
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
331 CVE-2021-25153 Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
332 CVE-2021-24951 89 Sql 2021-12-13 2021-12-16
7.5
None Remote Low Not required Partial Partial Partial
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL injection issues
333 CVE-2021-24946 89 Sql 2021-12-13 2021-12-16
7.5
None Remote Low Not required Partial Partial Partial
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
334 CVE-2021-24943 89 Sql 2021-12-06 2021-12-07
7.5
None Remote Low Not required Partial Partial Partial
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
335 CVE-2021-24931 89 Sql 2021-12-06 2021-12-07
7.5
None Remote Low Not required Partial Partial Partial
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
336 CVE-2021-24915 89 Sql 2021-11-29 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated users to perform SQL injection attacks, as well as get the list of all users registered on the blog, including their username and email address
337 CVE-2021-24889 89 Sql 2021-11-29 2021-11-29
6.5
None Remote Low ??? Partial Partial Partial
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks
338 CVE-2021-24877 89 Sql 2021-11-23 2021-11-26
6.0
None Remote Medium ??? Partial Partial Partial
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed
339 CVE-2021-24866 89 Sql 2021-12-06 2021-12-07
7.5
None Remote Low Not required Partial Partial Partial
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it in a SQL statement, leading to a SQL injection issue, and could allow arbitrary table deletion
340 CVE-2021-24863 89 Sql 2021-12-13 2021-12-16
7.5
None Remote Low Not required Partial Partial Partial
The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection
341 CVE-2021-24861 89 Sql 2021-12-13 2021-12-16
6.5
None Remote Low ??? Partial Partial Partial
The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection
342 CVE-2021-24860 89 Sql 2021-11-29 2021-11-29
6.5
None Remote Low ??? Partial Partial Partial
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
343 CVE-2021-24849 89 Sql 2021-12-21 2021-12-27
7.5
None Remote Low Not required Partial Partial Partial
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
344 CVE-2021-24848 89 Sql 2021-12-13 2022-01-10
6.5
None Remote Low ??? Partial Partial Partial
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection
345 CVE-2021-24847 89 Sql 2021-11-17 2021-11-18
6.5
None Remote Low ??? Partial Partial Partial
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the redirection plugin is also installed
346 CVE-2021-24846 89 Sql 2021-12-21 2021-12-27
6.5
None Remote Low ??? Partial Partial Partial
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated user, such as a subscriber
347 CVE-2021-24844 89 Sql 2021-11-08 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue
348 CVE-2021-24835 89 Sql 2021-11-08 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks
349 CVE-2021-24829 89 Sql 2021-11-08 2021-11-10
6.5
None Remote Low ??? Partial Partial Partial
The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated user) before using it in a SQL statement, leading to an SQL injection issue
350 CVE-2021-24827 89 Sql 2021-11-08 2021-11-10
7.5
None Remote Low Not required Partial Partial Partial
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue
Total number of vulnerabilities: 627 (this is page 7 of 13)