CVE-2017-20197

MEDIUM Year: 2017
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The name of the patch is b32bb1b940f82d38fb9310cd66ebe349e20a1d0a. It is recommended to apply a patch to fix this issue.

Related Vulnerabilities

CVE-2015-8800

HIGH
CVSS:7.3(High)

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical Sy...

CWE-742015

CVE-2018-20914

HIGH
CVSS:7.3(High)

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

CWE-742018

CVE-2020-15255

HIGH
CVSS:7.3(High)

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example...

CWE-742020

CVE-2021-0553

HIGH
CVSS:7.3(High)

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges...

CWE-742021

CVE-2021-27614

HIGH
CVSS:7.3(High)

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application....

CWE-742021

CVE-2021-33195

HIGH
CVSS:7.3(High)

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does no...

CWE-742021