Lucene search
K

484 matches found

CVE
CVE
added 2026/02/10 3:1 a.m.37 views

CVE-2026-0488

CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....

9.9CVSS6.1AI score0.0049EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.14 views

PT-2026-7203

Name of the Vulnerable Software and Affected Versions SAP CRM and SAP S/4HANA affected versions not specified Description An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor can exploit a flaw in a generic function module call and execute unauthorized critical functionalities...

9.9CVSS6.3AI score0.0049EPSS
Exploits0References18
NVD
NVD
added 2026/02/03 6:16 p.m.7 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS0.00415EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.30 views

CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS0.00415EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5861

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.3 views

Openbiz Cubi SQL Injection

Multiple SQL injection vulnerabilities exist in Openbiz Cubi. These vulnerabilities allow remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research added to the archive...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.6 views

Plikli CMS 4.0.0 Blind SQL Injection

A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.6 views

TestLink 1.9.13 SQL Injection

A SQL injection vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...

9.8CVSS6.1AI score0.01589EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.3 views

CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS5.8AI score0.00511EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/01 12:15 p.m.6 views

EUVD-2021-34753

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS6AI score0.00511EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/01 12:15 p.m.35 views

CVE-2021-47916

...

Exploits0
EUVD
EUVD
added 2026/02/01 12:15 p.m.7 views

EUVD-2021-34756

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

8.6CVSS6.2AI score0.00527EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2021-47916

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/02/01 12:15 p.m.6 views

EUVD-2021-34761

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

8.6CVSS6.1AI score0.00315EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.9 views

PT-2026-5561

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.9 views

PT-2026-5555

Name of the Vulnerable Software and Affected Versions Mult-E-Cart Ultimate version 2.4 Description The software contains multiple SQL injection flaws within the inventory, customer, vendor, and order modules. Attackers with vendor or administrator privileges can exploit the id parameter to execut...

8.6CVSS5.7AI score0.00315EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.9 views

CVE-2022-23694

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

8.8CVSS7.7AI score0.00889EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.7 views

CVE-2020-7114

A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in...

9.8CVSS6.8AI score0.01089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.7 views

CVE-2020-12429

Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/checkavailability.php, admin/index.php, change-password.php, checkavailability.php, includes/header.php,...

9.8CVSS7.8AI score0.02447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.7 views

CVE-2024-41915

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...

8.8CVSS7.2AI score0.00547EPSS
Exploits0References1
Rows per page
Query Builder