Filtered by CWE-89

Search

Switch to Advanced Search (Beta)
Total 17373 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-19165 1 Phpshe 1 Phpshe 2024-11-21 9.8 Critical
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
CVE-2020-19114 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19112 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19110 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
CVE-2020-19109 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19108 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19107 1 Projectworlds 1 Online Book Store Project In Php 2024-11-21 9.8 Critical
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-18913 1 Ecisp 1 Espcms-p8 2024-11-21 7.5 High
EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.
CVE-2020-18877 1 Wuzhicms 1 Wuzhicms 2024-11-21 7.5 High
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
CVE-2020-18746 1 Aitecms 1 Aitecms 2024-11-21 7.2 High
SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".
CVE-2020-18717 1 Zzzcms 1 Zzzphp 2024-11-21 9.8 Critical
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
CVE-2020-18716 1 Rockoa 1 Rockoa 2024-11-21 9.8 Critical
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVE-2020-18714 1 Rockoa 1 Rockoa 2024-11-21 9.8 Critical
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVE-2020-18713 1 Rockoa 1 Rockoa 2024-11-21 9.8 Critical
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
CVE-2020-18667 1 Webport 1 Webport 2024-11-21 9.8 Critical
SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.
CVE-2020-18662 1 Sir 1 Gnuboard 2024-11-21 9.8 Critical
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
CVE-2020-18544 1 Wms Project 1 Wms 2024-11-21 9.8 Critical
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
CVE-2020-18477 1 Hucart 1 Hucart 2024-11-21 8.8 High
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
CVE-2020-18476 1 Hucart 1 Hucart 2024-11-21 8.8 High
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
CVE-2020-18263 1 Php-cms Project 1 Php-cms 2024-11-21 7.5 High
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.