Vulmon Recent Vulnerabilities Trends About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to...
NA
CVE-2020-15504
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13...
NA
CVE-2020-13993
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket....
NA
CVE-2020-15072
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section....
NA
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged....
7.5
CVSSv2
CVE-2020-8519
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...
Phpzag
NA
CVE-2020-15008
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and...
7.5
CVSSv2
CVE-2020-8521
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...
Phpzag
7.5
CVSSv2
CVE-2020-8520
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...
Phpzag
7.5
CVSSv2
CVE-2019-20896
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter....
Webchess ProjectWebchess
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-2034SSTImods-for-heskphplistmods for heskCVE-2020-15092CVE-2020-8195open redirectCVE-2018-12371overflowCVE-2012-6489CVE-2013-0802