CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based unsighted SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to admittance all the data in the database and obtain entree to the webTareas application. (CVSS:0.0) (Last Update:2021-10-08)

2021-10-07T20:00:00-04:00October 7th, 2021|Sql injection|

CVE-2020-21725

OpenSNS v6.1.0 contains a unsighted SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. (CVSS:0.0) (Terminal Update:2021-10-07)

2021-10-06T20:00:00-04:00October 6th, 2021|Sql injection|

CVE-2020-21726

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. (CVSS:0.0) (Final Update:2021-10-07)

2021-10-06T20:00:00-04:00October 6th, 2021|Sql injection|

CVE-2021-39351

The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiate easily broken information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2. (CVSS:0.0) (Final Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Sql injection|

CVE-2021-29798

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. (CVSS:0.0) (Last Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Sql injection|

CVE-2021-29903

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. (CVSS:0.0) (Closing Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Sql injection|

CVE-2021-25482

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. (CVSS:0.0) (Concluding Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Sql injection|

CVE-2021-41651

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. (CVSS:0.0) (Final Update:2021-10-04)

2021-10-03T20:00:00-04:00October 3rd, 2021|Sql injection|

CVE-2021-41647

An un-authenticated error-based and time-based unsighted SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve easily broken database information, as well as add an administrative user. (CVSS:0.0) (Closing Update:2021-10-01)

2021-09-30T20:00:00-04:00September 30th, 2021|Sql injection|
Go to Top