CVE-2020-35666 (v3: 8.8) 23 Dec 2020

Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandl... Read more ➔

CVE-2020-13968 (v3: 9.8) 23 Dec 2020

CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. Read more ➔

CVE-2020-28070 (v3: 9.8) 23 Dec 2020

SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via... Read more ➔

CVE-2020-28073 (v3: 9.8) 23 Dec 2020

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any u... Read more ➔

CVE-2020-28074 (v3: 9.8) 23 Dec 2020

SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and be... Read more ➔

CVE-2020-25608 (v3: 7.2) 18 Dec 2020

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. Read more ➔

CVE-2019-19286 14 Dec 2020

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modi... Read more ➔

CVE-2020-35378 (v3: 9.8) 14 Dec 2020

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via... Read more ➔

CVE-2020-35382 (v3: 7.2) 14 Dec 2020

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. Read more ➔

CVE-2020-24400 9 Nov 2020

Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. Thi... Read more ➔

CVE-2020-23945 (v3: 7.5) 27 Oct 2020

A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obta... Read more ➔

CVE-2019-4680 (v3: 8.8) 20 Oct 2020

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQ... Read more ➔

CVE-2020-15792 15 Oct 2020

A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query paramete... Read more ➔

CVE-2020-15226 7 Oct 2020

In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also p... Read more ➔

CVE-2020-15176 7 Oct 2020

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing... Read more ➔

CVE-2020-15160 24 Sep 2020

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with loca... Read more ➔

CVE-2020-17463 (v3: 9.8) 13 Aug 2020

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. Read more ➔

CVE-2020-15616 28 Jul 2020