• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2020-26712

February 26, 2023 by

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases.

CVE-2020-26773

February 26, 2023 by

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php.

CVE-2020-26668

February 26, 2023 by

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the ‘Create New Feed’ function.

CVE-2020-26677

February 26, 2023 by

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.

CVE-2020-26518

February 26, 2023 by

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.

CVE-2020-26525

February 26, 2023 by

Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 417
  • Go to page 418
  • Go to page 419
  • Go to page 420
  • Go to page 421
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE