» 2021 » 2월

CVE-2020-35619

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2020-35619

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.

Source: CVE-2020-35619

CVE-2020-35617

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2020-35617

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.

Source: CVE-2020-35617

CVE-2021-3239

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2021-3239

E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.

Source: CVE-2021-3239

CVE-2021-26201

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2021-26201

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.

Source: CVE-2021-26201

CVE-2020-29140

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2020-29140

A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

Source: CVE-2020-29140

CVE-2020-29143

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2020-29143

A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

Source: CVE-2020-29143

CVE-2020-35734

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2020-35734

** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Source: CVE-2020-35734

CVE-2021-26822

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2021-26822

Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in ‘searchteacher’ POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.

Source: CVE-2021-26822

CVE-2020-35500

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2020-35500

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2020-35500

CVE-2021-26200

Posted on 2021년 2월 16일2021년 2월 16일 by admin

CVE-2021-26200

The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.

Source: CVE-2021-26200