Lucene search
K

303 matches found

OSV
OSV
added 2021/12/29 8:15 a.m.4 views

CVE-2021-44161

Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication...

8.8CVSS5.8AI score0.00495EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/29 7:15 a.m.15 views

CVE-2021-44161 Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection

Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication...

8.8CVSS9.1AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 2021/12/14 4:15 p.m.22 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...

9.8CVSS0.01091EPSS
Exploits0References2
NVD
NVD
added 2021/10/13 6:15 p.m.14 views

CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

9.8CVSS0.00964EPSS
Exploits0References2
Prion
Prion
added 2021/10/13 6:15 p.m.15 views

Sql injection

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

7.5CVSS9.7AI score0.00964EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/09/14 12:15 p.m.2 views

CVE-2021-33688

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...

4.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2021/09/14 11:19 a.m.23 views

CVE-2021-38176

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could...

9.9CVSS9.1AI score0.01228EPSS
Exploits0References2
CNVD
CNVD
added 2021/07/27 12:0 a.m.15 views

Navigate CMS sql injection vulnerability (CNVD-2021-57421)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the id parameter in product.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...

9.8CVSS9.7AI score0.02162EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.9 views

Navigate CMS sql injection vulnerability (CNVD-2021-57423)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the block-order parameter of the block function in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend databa...

9.8CVSS9.7AI score0.02162EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.15 views

Navigate CMS sql injection vulnerability (CNVD-2021-57420)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the template-properties-order parameter in templates.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backe...

9.8CVSS9.7AI score0.02483EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.11 views

Navigate CMS sql injection vulnerability (CNVD-2021-57422)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the childrenorder parameter in structure.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...

9.8CVSS9.7AI score0.02162EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.12 views

Navigate CMS sql injection vulnerability (CNVD-2021-57419)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the products-order parameter in products.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...

9.8CVSS9.7AI score0.02162EPSS
Exploits1References1
OSV
OSV
added 2021/07/26 6:15 p.m.3 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...

9.8CVSS6AI score0.02483EPSS
Exploits1References3
OSV
OSV
added 2021/07/26 6:15 p.m.0 views

CVE-2021-37473

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database...

9.8CVSS6AI score0.02162EPSS
Exploits1References3
Prion
Prion
added 2021/07/26 6:15 p.m.14 views

Sql injection

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...

7.5CVSS9.5AI score0.02483EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/07/26 6:15 p.m.8 views

Sql injection

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...

7.5CVSS9.5AI score0.02162EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/07/26 6:15 p.m.12 views

Sql injection

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...

7.5CVSS9.5AI score0.02162EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/07/26 5:17 p.m.22 views

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...

9.8AI score0.02162EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/07/26 5:15 p.m.18 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...

9.8AI score0.02483EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/07/26 5:11 p.m.15 views

CVE-2021-37473

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database...

9.8AI score0.02162EPSS
Exploits1References3
Rows per page
Query Builder