Search Results (36906 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45821 1 Btiteam 1 Xbtit 2024-11-21 8.8 High
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability to achieve remote code execution on the remote web server.
CVE-2021-45814 1 Nettemp 1 Nnt 2024-11-21 9.8 Critical
Nettemp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
CVE-2021-45811 1 Enhancesoft 1 Osticket 2024-11-21 6.5 Medium
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
CVE-2021-45803 1 Iresturant Project 1 Iresturant 2024-11-21 8.8 High
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the view parameter value is added to the SQL query without additional verification when viewing a reservation.
CVE-2021-45802 1 Iresturant Project 1 Iresturant 2024-11-21 9.8 Critical
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
CVE-2021-45794 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
CVE-2021-45793 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVE-2021-45791 1 Slims 1 Senayan Library Management System 2024-11-21 8.8 High
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
CVE-2021-45788 1 Metersphere 1 Metersphere 2024-11-21 8.8 High
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.
CVE-2021-45471 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 5.3 Medium
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
CVE-2021-45457 1 Apache 1 Kylin 2024-11-21 7.5 High
In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CVE-2021-45445 1 Unisys 1 Clearpath Mcp Tcp/ip Networking Services 2024-11-21 7.5 High
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
CVE-2021-45435 1 Oretnom23 1 Simple Cold Storage Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
CVE-2021-45406 1 Salonerp Project 1 Salonerp 2024-11-21 8.8 High
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload using the 'sql' parameter in a SQL query while generating a report. Once the admin login password hash has been discovered, it can be decrypted to obtain the plain-text password.
CVE-2021-45339 1 Avast 1 Antivirus 2024-11-21 7.8 High
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" a trusted process, which could lead to bypassing Avast self-defense.
CVE-2021-45334 1 Online Thesis Archiving System Project 1 Online Thesis Archiving System 2024-11-21 9.8 Critical
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to the admin panel using SQL Injection.
CVE-2021-45297 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.
CVE-2021-45257 1 Nasm 1 Netwide Assembler 2024-11-21 5.5 Medium
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
CVE-2021-45255 1 Video Sharing Website Project 1 Video Sharing Website 2024-11-21 9.8 Critical
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
CVE-2021-45253 1 Simple Cold Storage Management System Project 1 Simple Cold Storage Managment System 2024-11-21 9.8 Critical
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.