Vulmon Recent Vulnerabilities Trends Blog About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2019-19876
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006....
NA
CVE-2020-27207
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some...
NA
CVE-2020-4003
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which...
NA
CVE-2020-3984
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to...
7.5
CVSSv2
CVE-2020-25475
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action....
NA
CVE-2020-26228
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly...
NA
CVE-2020-28994
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database....
NA
CVE-2020-28091
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php....
NA
CVE-2020-28183
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php....
NA
CVE-2020-28133
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
localCVE-2020-25654CVE-2020-26237hrsaleoscommerce72408a firmwarecdataCVE-2020-29063CVE-2020-26238code executionCVE-2020-5902CVE-2020-28948unprivileged