Total
16405 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-6114 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 7.2 High |
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
CVE-2020-6010 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 8.8 High |
LearnPress WordPress plugin versions prior to and including 3.2.6.7 are vulnerable to SQL Injection. | ||||
CVE-2020-6009 | 1 Learndash | 1 Learndash | 2024-11-21 | 9.8 Critical |
LearnDash WordPress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. | ||||
CVE-2020-5920 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 4.3 Medium |
In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. | ||||
CVE-2020-5841 | 1 Opservices | 1 Opmon | 2024-11-21 | 9.8 Critical |
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication. | ||||
CVE-2020-5768 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 4.9 Medium |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. | ||||
CVE-2020-5766 | 1 Srs Simple Hits Counter Project | 1 Srs Simple Hits Counter | 2024-11-21 | 7.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. | ||||
CVE-2020-5726 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 7.5 High |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | ||||
CVE-2020-5725 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.9 Medium |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. | ||||
CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 7.5 High |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | ||||
CVE-2020-5659 | 1 Riken | 1 Xoonips | 2024-11-21 | 8.8 High |
SQL injection vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2020-5651 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2024-11-21 | 8.8 High |
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. | ||||
CVE-2020-5624 | 1 Riken | 1 Xoonips | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2020-5579 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.2 High |
SQL injection vulnerability in Paid Memberships versions prior to 2.3.3 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | ||||
CVE-2020-5511 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | 8.8 High |
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | ||||
CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 9.8 Critical |
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | ||||
CVE-2020-5428 | 1 Vmware | 1 Spring Cloud Task | 2024-11-21 | 6.0 Medium |
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | ||||
CVE-2020-5427 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | 7.2 High |
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | ||||
CVE-2020-5320 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2024-11-21 | 9 Critical |
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions. |