Vulnerabilities > Spotweb Project > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-3286 | SQL Injection vulnerability in Spotweb Project Spotweb 1.4.9 SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. | 9.8 |
| 2020-12-17 | CVE-2020-35545 | SQL Injection vulnerability in Spotweb Project Spotweb 1.4.9 Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | 9.8 |