Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-4972

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-13 Jun, 2017 | 06:00
Updated At-05 Aug, 2024 | 14:47
Rejected At-
Credits

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:13 Jun, 2017 | 06:00
Updated At:05 Aug, 2024 | 14:47
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.

Affected Products
Vendor
n/a
Product
Cloud Foundry UAA
Versions
Affected
  • Cloud Foundry UAA
Problem Types
TypeCWE IDDescription
textN/ABlind SQL Injection in UAA
Type: text
CWE ID: N/A
Description: Blind SQL Injection in UAA
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cloudfoundry.org/cve-2017-4972/
x_refsource_CONFIRM
Hyperlink: https://www.cloudfoundry.org/cve-2017-4972/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cloudfoundry.org/cve-2017-4972/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.cloudfoundry.org/cve-2017-4972/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:13 Jun, 2017 | 06:29
Updated At:20 Apr, 2025 | 01:37

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Cloud Foundry
cloudfoundry
>>cf-release>>Versions up to 256(inclusive)
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>Versions up to 29(inclusive)
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.1
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.2
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.3
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.4
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.5
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.6
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.7
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.8
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.9
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.10
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>13.11
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24.1
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24.2
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24.3
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24.4
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24.5
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>24.6
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>30
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>30.1
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>30.2
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*
Cloud Foundry
cloudfoundry
>>cloud_foundry_uaa_bosh>>30.3
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>Versions up to 3.15.0(inclusive)
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.2.5.4
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.1
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.2
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.3
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.1
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.2
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.3
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.4
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.5
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.6
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.7
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.8
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.9
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.11
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.12
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>2.7.4.13
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.1
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.2
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.3
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.4
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.5
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.6
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.7
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_uaa>>3.6.8
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cloudfoundry.org/cve-2017-4972/security_alert@emc.com
Vendor Advisory
https://www.cloudfoundry.org/cve-2017-4972/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.cloudfoundry.org/cve-2017-4972/
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: https://www.cloudfoundry.org/cve-2017-4972/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

717Records found
CVE-2020-22173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.13%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:07
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3038
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 11:11
Updated-19 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HelpDezk Community improper authorization

SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.

Action-Not Available
Vendor-helpdezkHelpDezk
Product-helpdezkHelpDezk Community
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-23149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.50%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 22:54
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.

Action-Not Available
Vendor-rconfign/a
Product-rconfign/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:13
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-37393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-84.93% / 99.30%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.

Action-Not Available
Vendor-securenvoyn/asecurenvoy
Product-multi-factor_authentication_solutionsn/amfa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-23282
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.80%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 13:13
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.

Action-Not Available
Vendor-mvn/a
Product-mconnectn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22169
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:10
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36837
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-90.98% / 99.62%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.

Action-Not Available
Vendor-crmebn/acrmeb
Product-crmebn/acrmeb
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-24315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.66%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 13:04
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.

Action-Not Available
Vendor-wordpress_poll_projectn/a
Product-wordpress_polln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22540
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver AS ABAP (Workplace Server)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 35.92%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 00:00
Updated-18 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.

Action-Not Available
Vendor-ordatn/aordat
Product-ordat.erpn/afoss-online
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-27871
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.52%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 14:29
Updated-25 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelaspera_faspexAspera Faspex
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22172
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.13%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:08
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7735
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 03:20
Updated-21 Jul, 2025 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UNIMAX|Hospital Information System - SQL Injection

The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Action-Not Available
Vendor-UNIMAX
Product-Hospital Information System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.62%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 18:31
Updated-18 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-human_resource_management_systemn/ahuman_resource_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-23387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.45%
||
7 Day CHG+0.01%
Published-01 Mar, 2022 | 16:42
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.

Action-Not Available
Vendor-taocmsn/a
Product-taocmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22165
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:14
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.13%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:17
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-23150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.50%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 22:54
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.

Action-Not Available
Vendor-rconfign/a
Product-rconfign/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22164
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:15
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.93%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-14 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.

Action-Not Available
Vendor-keyfactorn/a
Product-commandn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33971
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:55
Updated-08 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.13%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:06
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33967
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:53
Updated-08 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33964
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:20
Updated-08 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-19451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.67%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 14:26
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.

Action-Not Available
Vendor-jdownloadsn/a
Product-jdownloadsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33968
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:54
Updated-08 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.78%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 04:01
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-white_shark_systems_projectn/a
Product-white_shark_systemsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32738
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-41.45% / 97.31%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:58
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-CyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33973
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:56
Updated-08 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33966
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:21
Updated-08 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.45%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-03 Jun, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.

Action-Not Available
Vendor-bladexn/asmallchill
Product-springbladen/aspringblade
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20625
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 71.97%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 15:52
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.

Action-Not Available
Vendor-slicedinvoicesn/a
Product-sliced_invoicesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-21486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 00:00
Updated-09 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.

Action-Not Available
Vendor-phpokn/a
Product-phpokn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33958
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:04
Updated-15 Aug, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe E-Negosyo System

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo Systemenegosyo_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20636
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.25%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 00:00
Updated-10 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function.

Action-Not Available
Vendor-joyplus-cms_projectn/a
Product-joyplus-cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33969
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:55
Updated-08 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20474
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.93%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 04:07
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.

Action-Not Available
Vendor-white_shark_systems_projectn/a
Product-white_shark_systemsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32739
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-59.34% / 98.16%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:58
Updated-28 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-CyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33959
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:12
Updated-08 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanove Credit CardJanobe Debit Card Paymentjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32736
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-65.00% / 98.40%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:57
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-CyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32737
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-41.45% / 97.31%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:57
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-CyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33970
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:55
Updated-08 Aug, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-19455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.67%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 15:17
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.

Action-Not Available
Vendor-jdownloadsn/a
Product-jdownloadsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33957
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:03
Updated-15 Aug, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe E-Negosyo System

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo Systemenegosyo_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-24647
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.50%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.

Action-Not Available
Vendor-online_food_ordering_system_projectn/a
Product-online_food_ordering_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-19450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.67%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 14:16
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.

Action-Not Available
Vendor-jdownloadsn/a
Product-jdownloadsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33962
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:19
Updated-08 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.80%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 19:30
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.

Action-Not Available
Vendor-s-cmsn/a
Product-s-cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.80%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 15:44
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.

Action-Not Available
Vendor-8cmsn/a
Product-ljcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found