• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2020-35674

February 26, 2023 by

BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments.

CVE-2020-35597

February 26, 2023 by

Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

CVE-2020-35613

February 26, 2023 by

An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.

CVE-2020-35545

February 26, 2023 by

Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

CVE-2020-35378

February 26, 2023 by

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.

CVE-2020-35382

February 26, 2023 by

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 400
  • Go to page 401
  • Go to page 402
  • Go to page 403
  • Go to page 404
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE