Total
16372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13873 | 1 Codologic | 1 Codoforum | 2024-11-21 | 9.8 Critical |
| A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.) | ||||
| CVE-2020-13769 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | ||||
| CVE-2020-13640 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 9.8 Critical |
| A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) | ||||
| CVE-2020-13592 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | ||||
| CVE-2020-13591 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | ||||
| CVE-2020-13589 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | ||||
| CVE-2020-13588 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | ||||
| CVE-2020-13587 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | ||||
| CVE-2020-13568 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. | ||||
| CVE-2020-13566 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | ||||
| CVE-2020-13526 | 1 Processmaker | 1 Processmaker | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||
| CVE-2020-13525 | 1 Processmaker | 1 Processmaker | 2024-11-21 | 8.8 High |
| The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-13505 | 1 Aveva | 1 Edna Enterprise Data Historian | 2024-11-21 | 9.8 Critical |
| Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | ||||
| CVE-2020-13504 | 1 Aveva | 1 Edna Enterprise Data Historian | 2024-11-21 | 9.8 Critical |
| Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | ||||
| CVE-2020-13501 | 1 Aveva | 1 Edna Enterprise Data Historian | 2024-11-21 | 9.8 Critical |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | ||||
| CVE-2020-13500 | 1 Aveva | 1 Edna Enterprise Data Historian | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | ||||
| CVE-2020-13499 | 1 Aveva | 1 Edna Enterprise Data Historian | 2024-11-21 | 9.8 Critical |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | ||||
| CVE-2020-13433 | 1 Adminpanel Project | 1 Adminpanel | 2024-11-21 | 9.8 Critical |
| Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. | ||||
| CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS through 7.4 allows SQL Injection. | ||||
| CVE-2020-13380 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS before 7.4 allows SQL Injection. | ||||