Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-26686 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-89
5.5
2021-02-19 CVE-2020-24617 SQL Injection vulnerability in Mailtrain
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
network
mailtrain CWE-89
6.0
2021-02-18 CVE-2021-27124 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
network
low complexity
doctor-appointment-system-project CWE-89
4.0
2021-02-17 CVE-2021-25779 SQL Injection vulnerability in Baby Care System Project Baby Care System 1.0
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
network
low complexity
baby-care-system-project CWE-89
7.5
2021-02-17 CVE-2020-36003 SQL Injection vulnerability in Online Book Store Project Online Book Store 1.0
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
network
low complexity
online-book-store-project CWE-89
5.0
2021-02-17 CVE-2020-36002 SQL Injection vulnerability in Seat-Reservation-System Project Seat-Reservation-System 1.0
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.
network
low complexity
seat-reservation-system-project CWE-89
5.0
2021-02-17 CVE-2021-22854 SQL Injection vulnerability in HR Portal Project HR Portal 7.3.2020.1013
The HR Portal of Soar Cloud System fails to filter specific parameters.
network
low complexity
hr-portal-project CWE-89
5.0
2021-02-17 CVE-2021-22856 SQL Injection vulnerability in Changjia Property Management System Project Changjia Property Management System 1.00
The CGE property management system contains SQL Injection vulnerabilities.
5.0
2021-02-16 CVE-2021-27101 SQL Injection vulnerability in Accellion FTA 912370
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html.
network
low complexity
accellion CWE-89
7.5
2021-02-16 CVE-2020-24841 SQL Injection vulnerability in SDG Pnpscada 2.200816204020
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp.
network
low complexity
sdg CWE-89
7.5