Total
17769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44348 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. | |||||
| CVE-2021-44347 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | |||||
| CVE-2021-44345 | 1 Wvti | 1 One Card Integrated Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | |||||
| CVE-2021-44302 | 1 Baicloud-cms Project | 1 Baicloud-cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | |||||
| CVE-2021-44280 | 1 Attendance Management System Project | 1 Attendance Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. | |||||
| CVE-2021-44249 | 1 Online Motorcycle \(bike\) Rental System Project | 1 Online Motorcycle \(bike\) Rental System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | |||||
| CVE-2021-44245 | 1 Covid 19 Testing Management System Project | 1 Covid 19 Testing Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | |||||
| CVE-2021-44244 | 1 Sourcecodester Logistic Hub Parcel\'s Management System Project | 1 Sourcecodester Logistic Hub Parcel\'s Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. | |||||
| CVE-2021-44161 | 1 Changingtec | 1 Motp | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. | |||||
| CVE-2021-44135 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | |||||
| CVE-2021-44098 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44097 | 1 Contact-form-with-messages-entry-management Project | 1 Contact-form-with-messages-entry-management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44096 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44090 | 1 Sourcecodester Online Reviewer System Project | 1 Sourcecodester Online Reviewer System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | |||||
| CVE-2021-44088 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. | |||||
| CVE-2021-44050 | 2 Broadcom, Microsoft | 4 Ca Network Flow Analysis, Windows Server 2012, Windows Server 2016 and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | |||||
| CVE-2021-43971 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | |||||
| CVE-2021-43969 | 1 Quicklert | 1 Quicklert | 2024-11-21 | 7.8 HIGH | 6.5 MEDIUM |
| The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter. | |||||
| CVE-2021-43863 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading. | |||||