• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2020-15008

February 26, 2023 by

A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Usage of other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12.

CVE-2020-14960

February 26, 2023 by

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,

CVE-2020-14972

February 26, 2023 by

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.

CVE-2020-14982

February 26, 2023 by

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet’s SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

CVE-2020-14497

February 26, 2023 by

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.

CVE-2020-14443

February 26, 2023 by

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 461
  • Go to page 462
  • Go to page 463
  • Go to page 464
  • Go to page 465
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE