Total: 16419 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40814 | 1 Mypresta | 1 Customer Photo Gallery | 2024-11-21 | 9.8 Critical |
| The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. | ||||
| CVE-2021-40674 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 9.8 Critical |
| An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | ||||
| CVE-2021-40670 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file. | ||||
| CVE-2021-40669 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | ||||
| CVE-2021-40645 | 1 Jfinaloa Project | 1 Jfinaloa | 2024-11-21 | 6.5 Medium |
| An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. | ||||
| CVE-2021-40644 | 1 Oasys Project | 1 Oasys | 2024-11-21 | 6.5 Medium |
| An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. | ||||
| CVE-2021-40636 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | ||||
| CVE-2021-40635 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | ||||
| CVE-2021-40618 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. | ||||
| CVE-2021-40595 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. | ||||
| CVE-2021-40578 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 7.2 High |
| An authenticated blind and error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 that allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter. | ||||
| CVE-2021-40543 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. | ||||
| CVE-2021-40493 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | ||||
| CVE-2021-40353 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637. | ||||
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | ||||
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | ||||
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | ||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users. | ||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | ||||
| CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | ||||