
12 matches found

CVE
added 2026/02/06 11:14 p.m. · 7 views

CVE-2020-37163

CVE-2020-37163 – QuickDate 1.3.2 suffers a SQL injection in the find_matches endpoint via the '_located' parameter, enabling UNION-based payloads to exfiltrate database information (credentials, DB name, system version). Evidence across sources confirms the vulnerable component and location of in...

CVSS 8.8 · AI score 5.7 · EPSS 0.00026
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 8:37 p.m. · 2 views

CVE-2021-35458

Online Pet Shop Web App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

CVSS 9.8 · AI score 7.3 · EPSS 0.00451
Exploits 1 · References 1
Positive Technologies
added 2023/09/07 12:0 a.m. · 3 views

PT-2023-26944 · Resort Data Processing +1 · Irm Next Generation +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The RDPData.dll file exposes the "/irmdata/api/common" endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obta...

CVSS 9.1 · AI score 9.3 · EPSS 0.00103
Exploits 0 · References 7
NVD
added 2022/02/24 4:15 p.m. · 17 views

CVE-2022-24707

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

CVSS 8.8 · EPSS 0.02438
Exploits 5 · References 3
NVD
added 2021/07/30 2:15 p.m. · 10 views

CVE-2021-35458

Online Pet Shop Web App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

CVSS 9.8 · EPSS 0.00451
Exploits 1 · References 3
Prion
added 2021/07/30 2:15 p.m. · 11 views

Sql injection

Online Pet Shop Web App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

CVSS 7.5 · AI score 9.8 · EPSS 0.00451
Exploits 1 · References 3 · Affected Software 1
CVE
added 2021/07/27 5:24 a.m. · 48 views

CVE-2021-35458

The CVE-2021-35458 case concerns the Online Pet Shop Web App 1.0, where the products.php endpoint (p=products) is vulnerable to a Union-based SQL Injection through the c or s parameter. Multiple sources (NVD, CVE lists) describe this as a critical, network-exposed flaw with high impact to confide...

CVSS 9.8 · AI score 9.8 · EPSS 0.00451
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2021/07/27 5:24 a.m. · 18 views

CVE-2021-35458

Online Pet Shop Web App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

AI score 10 · EPSS 0.00451
Exploits 1 · References 3
NVD
added 2021/04/29 7:15 p.m. · 9 views

CVE-2020-22807

An issue was discovered in vtiger crm 7.2. Union SQL injection in the calendar exportdata feature...

CVSS 9.8 · EPSS 0.00264
Exploits 1 · References 1
Cvelist
added 2021/04/29 6:17 p.m. · 13 views

CVE-2020-22807

An issue was discovered in vtiger crm 7.2. Union SQL injection in the calendar exportdata feature...

AI score 9.6 · EPSS 0.00264
Exploits 1 · References 1
VulnCheck KEV
added 2021/03/15 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2021-24182

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

CVSS 6.5 · AI score 6.7 · EPSS 0.07632
Exploits 2 · References 1
Packet Storm
added 2010/11/27 12:0 a.m. · 27 views

NoScript Cross Site Scripting Via SQL Injection

Hi List NoScript fails to detect the reflective XSS from trusted domains when an attack is conducted through SQLXSSI. The bypass in NoScript has been successfully conducted by using "Reflective XSS" through Union SQL poisoning attacks by exploiting the reverted errors in the browser. The attack...

AI score 1.2
Exploits 0