|
210981
|
8.8 |
HIGH
Network
|
drupal
|
drupal
|
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefull…
|
CWE-77
Command Injection
|
CVE-2020-13664
|
2024-11-21 14:01 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210982
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13666
|
2024-11-21 14:01 |
2021-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210983
|
8.8 |
HIGH
Network
|
open-emr
phpgacl_project
|
openemr
phpgacl
|
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_gro…
|
CWE-89
SQL Injection
|
CVE-2020-13568
|
2024-11-21 14:01 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210984
|
8.8 |
HIGH
Network
|
open-emr
phpgacl_project
|
openemr
phpgacl
|
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_gr…
|
CWE-89
SQL Injection
|
CVE-2020-13566
|
2024-11-21 14:01 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210985
|
8.8 |
HIGH
Network
|
rukovoditel
|
rukovoditel
|
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attack…
|
CWE-89
SQL Injection
|
CVE-2020-13592
|
2024-11-21 14:01 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210986
|
8.8 |
HIGH
Network
|
rukovoditel
|
rukovoditel
|
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An…
|
CWE-89
SQL Injection
|
CVE-2020-13591
|
2024-11-21 14:01 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210987
|
8.8 |
HIGH
Network
|
rukovoditel
|
rukovoditel
|
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. A…
|
CWE-89
SQL Injection
|
CVE-2020-13587
|
2024-11-21 14:01 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210988
|
7.8 |
HIGH
Local
|
dreamreport
|
dream_report
|
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges w…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13534
|
2024-11-21 14:01 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210989
|
7.8 |
HIGH
Local
|
dreamreport
|
dream_report
|
A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attac…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13533
|
2024-11-21 14:01 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210990
|
7.8 |
HIGH
Local
|
dreamreport
|
dream_report
|
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13532
|
2024-11-21 14:01 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
