Search Results (36897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43608 1 Doctrine-project 1 Database Abstraction Layer 2024-11-21 9.8 Critical
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.
CVE-2021-43560 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 5.3 Medium
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
CVE-2021-43553 1 Osisoft 1 Pi Vision 2024-11-21 3.1 Low
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.
CVE-2021-43545 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Firefox Esr and 4 more 2024-11-21 6.5 Medium
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43510 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
CVE-2021-43509 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
CVE-2021-43506 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
CVE-2021-43484 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
CVE-2021-43481 1 Webtareas Project 1 Webtareas 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
CVE-2021-43451 1 Phpgurukul 1 Employee Record Management System 2024-11-21 9.8 Critical
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
CVE-2021-43420 1 Online Payment Hub Project 1 Online Payment Hub 2024-11-21 9.8 Critical
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
CVE-2021-43408 1 Duplicate Post Project 1 Duplicate Post 2024-11-21 6.5 Medium
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
CVE-2021-43329 1 Mumara 1 Classic 2024-11-21 9.8 Critical
A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.
CVE-2021-43172 1 Nlnetlabs 1 Routinator 2024-11-21 7.5 High
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.
CVE-2021-43155 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
CVE-2021-43130 1 Customer Relationship Management System Project 1 Customer Relationship Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
CVE-2021-43109 1 Puneethreddyhc Online-shopping-system Project 1 Puneethreddyhc Online-shopping-system 2024-11-21 7.5 High
An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.
CVE-2021-43094 1 Openmrs 2 Openmrs, Reference Application 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.
CVE-2021-43091 1 Yeswiki 1 Yeswiki 2024-11-21 7.5 High
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
CVE-2021-43077 1 Fortinet 1 Fortiwlm 2024-11-21 8.8 High
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.