• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-43851

February 23, 2023 by

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the “group” and “status” parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file.

CVE-2021-43735

February 23, 2023 by

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.

CVE-2021-43789

February 23, 2023 by

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.

CVE-2021-43679

February 23, 2023 by

ecshop v2.7.3 is affected by a SQL injection vulnerability in shopexecshopuploadapiclientapi.php.

CVE-2021-43700

February 23, 2023 by

An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8.

CVE-2021-43701

February 23, 2023 by

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 565
  • Go to page 566
  • Go to page 567
  • Go to page 568
  • Go to page 569
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE