• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2020-15468

February 26, 2023 by

Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.

CVE-2020-15394

February 26, 2023 by

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

CVE-2020-15363

February 26, 2023 by

The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.

CVE-2020-15308

February 26, 2023 by

Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter.

CVE-2020-15333

February 26, 2023 by

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL “select * from Administrator_users” and “select * from Users_users” requests.

CVE-2020-15226

February 26, 2023 by

In GLPI before version 9.5.2, there is a SQL Injection in the API’s search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 459
  • Go to page 460
  • Go to page 461
  • Go to page 462
  • Go to page 463
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE