Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44349 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | ||||
| CVE-2021-44348 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. | ||||
| CVE-2021-44347 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | ||||
| CVE-2021-44345 | 1 Wvti | 1 One Card Integrated Management System | 2024-11-21 | 7.5 High |
| Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | ||||
| CVE-2021-44302 | 1 Baicloud-cms Project | 1 Baicloud-cms | 2024-11-21 | 8.8 High |
| BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | ||||
| CVE-2021-44280 | 1 Attendance Management System Project | 1 Attendance Management System | 2024-11-21 | 9.8 Critical |
| attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. | ||||
| CVE-2021-44249 | 1 Online Motorcycle \(bike\) Rental System Project | 1 Online Motorcycle \(bike\) Rental System | 2024-11-21 | 9.8 Critical |
| Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | ||||
| CVE-2021-44245 | 1 Covid 19 Testing Management System Project | 1 Covid 19 Testing Management System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | ||||
| CVE-2021-44244 | 1 Sourcecodester Logistic Hub Parcel\'s Management System Project | 1 Sourcecodester Logistic Hub Parcel\'s Management System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. | ||||
| CVE-2021-44161 | 1 Changingtec | 1 Motp | 2024-11-21 | 8.8 High |
| Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. | ||||
| CVE-2021-44135 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 9.8 Critical |
| pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | ||||
| CVE-2021-44098 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 9.8 Critical |
| EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | ||||
| CVE-2021-44097 | 1 Contact-form-with-messages-entry-management Project | 1 Contact-form-with-messages-entry-management | 2024-11-21 | 9.8 Critical |
| EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. | ||||
| CVE-2021-44096 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 9.8 Critical |
| EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. | ||||
| CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | ||||
| CVE-2021-44090 | 1 Sourcecodester Online Reviewer System Project | 1 Sourcecodester Online Reviewer System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | ||||
| CVE-2021-44088 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. | ||||
| CVE-2021-44050 | 2 Broadcom, Microsoft | 4 Ca Network Flow Analysis, Windows Server 2012, Windows Server 2016 and 1 more | 2024-11-21 | 6.5 Medium |
| CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | ||||
| CVE-2021-43971 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | ||||
| CVE-2021-43969 | 1 Quicklert | 1 Quicklert | 2024-11-21 | 6.5 Medium |
| The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter. | ||||