Export limit exceeded: 336204 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6637 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | ||||
| CVE-2020-6577 | 1 It-recht-kanzlei | 1 It-recht-kanzlei | 2024-11-21 | 9.8 Critical |
| The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. | ||||
| CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 7.2 High |
| Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | ||||
| CVE-2020-6249 | 1 Sap | 3 Master Data Governance \(s4core\), Master Data Governance \(s4fnd\), Master Data Governance \(sap Bs Fnd\) | 2024-11-21 | 8.8 High |
| The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | ||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 8.8 High |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | ||||
| CVE-2020-6145 | 1 Frappe | 1 Erpnext | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6141 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6139 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6138 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6137 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6136 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6135 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6134 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6133 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6132 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6131 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | ||||
| CVE-2020-6128 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||