• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-42258

February 23, 2023 by

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

CVE-2021-42169

February 23, 2023 by

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.

CVE-2021-42185

February 23, 2023 by

wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.

CVE-2021-42224

February 23, 2023 by

SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.

CVE-2021-42131

February 23, 2023 by

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

CVE-2021-42064

February 23, 2023 by

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized “in” clause, SAP Commerce – versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized “in” clause accepts more than 1000 values.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 575
  • Go to page 576
  • Go to page 577
  • Go to page 578
  • Go to page 579
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE