Total: 16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10623 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 7.5 High |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10582 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 9.8 Critical |
| A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | ||||
| CVE-2020-10563 | 1 Devome | 1 Grr | 2024-11-21 | 9.8 Critical |
| An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | ||||
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions have an unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions have an unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions have an unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig 3.9.4 and previous versions have an unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
| CVE-2020-10512 | 1 Hgiga | 1 Oaklouds Ccm@il | 2024-11-21 | 8.8 High |
| HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL injection vulnerability which allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands. | ||||
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 9.8 Critical |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL injection vulnerability; an attacker can use a union-based injection query string to get the database schema and username/password. | ||||
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | ||||
| CVE-2020-10380 | 1 R-consortium | 1 Rmysql | 2024-11-21 | 9.8 Critical |
| RMySQL through 0.10.19 allows SQL Injection. | ||||
| CVE-2020-10365 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 6.5 Medium |
| LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | ||||
| CVE-2020-10243 | 1 Joomla | 1 Joomla! | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | ||||
| CVE-2020-10230 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | ||||
| CVE-2020-10220 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | ||||
| CVE-2020-10218 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 6.5 Medium |
| A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | ||||
| CVE-2020-10190 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 8.8 High |
| An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. | ||||
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-11-21 | 7.5 High |
| The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | ||||
| CVE-2020-10106 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 9.8 Critical |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt. | ||||