• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-41765

February 23, 2023 by

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.

CVE-2021-41679

February 23, 2023 by

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.

CVE-2021-41695

February 23, 2023 by

An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. .

CVE-2021-41746

February 23, 2023 by

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information.

CVE-2021-41754

February 23, 2023 by

dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php.

CVE-2021-41755

February 23, 2023 by

dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 578
  • Go to page 579
  • Go to page 580
  • Go to page 581
  • Go to page 582
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE