Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
Max CVSS
9.8
EPSS Score
75.37%
Published
2020-12-30
Updated
2022-04-05

CVE-2020-35847

Public exploit
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Max CVSS
9.8
EPSS Score
77.40%
Published
2020-12-30
Updated
2022-04-05

CVE-2020-35846

Public exploit
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Max CVSS
9.8
EPSS Score
78.77%
Published
2020-12-30
Updated
2022-09-02
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
Max CVSS
7.6
EPSS Score
0.09%
Published
2020-12-31
Updated
2021-01-07
HGiga MailSherlock contains a SQL injection vulnerability. Attackers can inject and launch SQL commands in a URL parameter.
Max CVSS
7.6
EPSS Score
0.09%
Published
2020-12-31
Updated
2021-01-07
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
Max CVSS
7.2
EPSS Score
0.10%
Published
2020-12-25
Updated
2020-12-28
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
Max CVSS
8.8
EPSS Score
0.09%
Published
2020-12-23
Updated
2020-12-23
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-12-28
Updated
2020-12-30
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
Max CVSS
9.8
EPSS Score
0.14%
Published
2020-12-17
Updated
2020-12-21
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
Max CVSS
7.2
EPSS Score
0.09%
Published
2020-12-14
Updated
2020-12-14
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-12-14
Updated
2020-12-14
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
Max CVSS
9.8
EPSS Score
0.15%
Published
2020-12-21
Updated
2020-12-23
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-12-26
Updated
2020-12-29
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-12-26
Updated
2020-12-29
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-12-26
Updated
2020-12-29
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-12-26
Updated
2020-12-29
The POST parameter "searchdata" in the user/search.php request of Online Marriage Registration System 1.0 is vulnerable to time-based SQL injection.
Max CVSS
8.8
EPSS Score
0.16%
Published
2020-12-21
Updated
2023-11-14
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-12-15
Updated
2020-12-17
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
Max CVSS
9.8
EPSS Score
0.15%
Published
2020-12-11
Updated
2020-12-14
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
Max CVSS
9.8
EPSS Score
4.42%
Published
2020-12-24
Updated
2021-04-22
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
Max CVSS
9.8
EPSS Score
4.42%
Published
2020-12-24
Updated
2021-04-22
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
Max CVSS
9.8
EPSS Score
5.49%
Published
2020-12-02
Updated
2020-12-03
An SQL injection vulnerability was discovered in Car Rental Management System v1.0. It can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
Max CVSS
9.8
EPSS Score
5.49%
Published
2020-12-02
Updated
2020-12-03
An SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-12-02
Updated
2020-12-04
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
Max CVSS
9.8
EPSS Score
12.30%
Published
2020-12-02
Updated
2020-12-04
466 vulnerabilities found