Search Results (36869 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40595 1 Online Leave Management System Project 1 Online Leave Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.
CVE-2021-40592 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
CVE-2021-40578 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 7.2 High
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
CVE-2021-40543 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.
CVE-2021-40504 1 Sap 1 Netweaver Application Server Abap 2024-11-21 4.9 Medium
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.
CVE-2021-40502 1 Sap 1 Commerce 2024-11-21 8.8 High
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.
CVE-2021-40501 1 Sap 1 Abap Platform Kernel 2024-11-21 8.1 High
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.
CVE-2021-40493 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 9.8 Critical
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
CVE-2021-40456 1 Microsoft 5 Windows Server, Windows Server 2004, Windows Server 2019 and 2 more 2024-11-21 5.3 Medium
Windows AD FS Security Feature Bypass Vulnerability
CVE-2021-40379 1 Comprotech 8 Ip570, Ip570 Firmware, Ip60 and 5 more 2024-11-21 7.5 High
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.
CVE-2021-40378 1 Comprotech 8 Ip570, Ip570 Firmware, Ip60 and 5 more 2024-11-21 8.1 High
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
CVE-2021-40353 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637.
CVE-2021-40317 1 Piwigo 1 Piwigo 2024-11-21 8.8 High
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
CVE-2021-40313 1 Piwigo 1 Piwigo 2024-11-21 8.8 High
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.
CVE-2021-40309 1 Os4ed 1 Opensis 2024-11-21 8.8 High
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
CVE-2021-40282 1 Zzcms 1 Zzcms 2024-11-21 8.8 High
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.
CVE-2021-40281 1 Zzcms 1 Zzcms 2024-11-21 8.8 High
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
CVE-2021-40280 1 Zzcms 1 Zzcms 2024-11-21 7.2 High
An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
CVE-2021-40279 1 Zzcms 1 Zzcms 2024-11-21 7.2 High
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
CVE-2021-40247 1 Oretnom23 1 Budget And Expense Tracker System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.