Total: 16419 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11942 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. | ||||
| CVE-2020-11886 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 8.1 High |
| OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21. | ||||
| CVE-2020-11820 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 9.8 Critical |
| Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | ||||
| CVE-2020-11816 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 9.8 Critical |
| Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | ||||
| CVE-2020-11812 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 9.8 Critical |
| Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | ||||
| CVE-2020-11717 | 1 Bilanc | 1 Bilanc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. | ||||
| CVE-2020-11597 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 9.8 Critical |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. | ||||
| CVE-2020-11545 | 1 Projectworlds | 1 Official Car Rental System | 2024-11-21 | 9.8 Critical |
| Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php). This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | ||||
| CVE-2020-11537 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 9.8 Critical |
| A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API. | ||||
| CVE-2020-11530 | 1 Idangero | 1 Chop Slider | 2024-11-21 | 9.8 Critical |
| A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | ||||
| CVE-2020-11437 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 Medium |
| LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | ||||
| CVE-2020-11032 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.6 High |
| In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. | ||||
| CVE-2020-11010 | 1 Tortoise Orm Project | 1 Tortoise Orm | 2024-11-21 | 6.3 Medium |
| In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts). | ||||
| CVE-2020-11004 | 1 Admidio | 1 Admidio | 2024-11-21 | 7.7 High |
| SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker, without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. | ||||
| CVE-2020-10983 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.9 Medium |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. | ||||
| CVE-2020-10982 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.9 Medium |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. | ||||
| CVE-2020-10817 | 1 Custom Searchable Data Entry System Project | 1 Custom Searchable Data Entry System | 2024-11-21 | 8.8 High |
| The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | ||||
| CVE-2020-10804 | 4 Fedoraproject, Opensuse, Phpmyadmin and 1 more | 6 Fedora, Backports Sle, Leap and 3 more | 2024-11-21 | 8.0 High |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | ||||
| CVE-2020-10803 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 5.4 Medium |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | ||||
| CVE-2020-10802 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 8.0 High |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. | ||||