Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26051 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 9.8 Critical |
| College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | ||||
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 9.8 Critical |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | ||||
| CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php. | ||||
| CVE-2020-25990 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 9.8 Critical |
| WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | ||||
| CVE-2020-25905 | 1 Mobile Shop System Project | 1 Mobile Shop System | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | ||||
| CVE-2020-25889 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 9.8 Critical |
| Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing a SQL injection payload on the login page, attackers can bypass authentication and gain admin privileges. | ||||
| CVE-2020-25839 | 1 Microfocus | 1 Identity Manager | 2024-11-21 | 9.8 Critical |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | ||||
| CVE-2020-25762 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2024-11-21 | 9.1 Critical |
| An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information, etc. | ||||
| CVE-2020-25751 | 1 Corephp | 1 Pago Commerce | 2024-11-21 | 8.8 High |
| The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | ||||
| CVE-2020-25727 | 1 Flexsolution | 1 Reset Password | 2024-11-21 | 7.5 High |
| The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | ||||
| CVE-2020-25700 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 6.5 Medium |
| In Moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in Moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. | ||||
| CVE-2020-25695 | 3 Debian, Postgresql, Redhat | 6 Debian Linux, Postgresql, Enterprise Linux and 3 more | 2024-11-21 | 8.8 High |
| A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-25608 | 1 Mitel | 1 Micollab | 2024-11-21 | 7.2 High |
| The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. | ||||
| CVE-2020-25514 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2024-11-21 | 8.4 High |
| Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. | ||||
| CVE-2020-25487 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 7.8 High |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | ||||
| CVE-2020-25475 | 1 Newsscriptphp | 1 News Script Php Pro | 2024-11-21 | 9.8 Critical |
| SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. | ||||
| CVE-2020-25409 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 9.8 Critical |
| Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. | ||||
| CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2024-11-21 | 8.8 High |
| WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter, which allows an authenticated attacker to inject a malicious SQL query. | ||||
| CVE-2020-25362 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 7.5 High |
| The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. | ||||
| CVE-2020-25273 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 9.8 Critical |
| In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | ||||