Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
sql injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-11545
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to...
Projectworlds
Official Car Rental System
7.5
CVSSv2
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter....
Testlink
7.5
CVSSv2
CVE-2020-8638
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter....
Testlink
7.5
CVSSv2
CVE-2020-6009
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection....
Learndash
6.5
CVSSv2
CVE-2020-5292
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like...
Leantime
6.5
CVSSv2
CVE-2019-7755
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection....
Weberp
7.5
CVSSv2
CVE-2016-11023
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued....
Odata4j Project
Odata4j
7.5
CVSSv2
CVE-2016-11024
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued....
Odata4j Project
Odata4j
4.3
CVSSv2
CVE-2020-5725
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user...
5
CVSSv2
CVE-2020-5726
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-0674
CVE-2020-7615
clink office
CVE-2017-18687
android
google
buffer overflow
communilink
spoof
CVE-2017-18691
CVE-2020-11512
CVE-2019-17026
cross-site scripting
1
2
3
4
5
NEXT »
Vulmon