Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17527 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.
|
|||||
| CVE-2019-17429 | 1 Adhouma Cms Project | 1 Adhouma Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
|
|||||
| CVE-2019-17419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
|
|||||
| CVE-2019-17418 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
|
|||||
| CVE-2019-17370 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.
|
|||||
| CVE-2019-17357 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
|
|||||
| CVE-2019-17319 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.
|
|||||
| CVE-2019-17318 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.
|
|||||
| CVE-2019-17298 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.
|
|||||
| CVE-2019-17297 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user.
|
|||||
| CVE-2019-17296 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.
|
|||||
| CVE-2019-17295 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.
|
|||||
| CVE-2019-17294 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user.
|
|||||
| CVE-2019-17293 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.
|
|||||
| CVE-2019-17292 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
|
|||||
| CVE-2019-17271 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
|
|||||
| CVE-2019-17197 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
|
|||||
| CVE-2019-17128 | 1 Netreo | 1 Omnicenter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.
|
|||||
| CVE-2019-17119 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
|
|||||
| CVE-2019-17117 | 1 Wikidsystems | 1 2fa Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
|
|||||
| CVE-2019-17072 | 1 Awplife | 1 Contact Form Widget | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
|
|||||
| CVE-2019-17049 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
|
|||||
| CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.
|
|||||
| CVE-2019-16997 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
|
|||||
| CVE-2019-16996 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
|
|||||
| CVE-2019-16980 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.
|
|||||
| CVE-2019-16917 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
|
|||||
| CVE-2019-16894 | 1 Inoideas | 1 Inoerp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
|
|||||
| CVE-2019-16745 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.
|
|||||
| CVE-2019-16744 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
eBrigade before 5.0 has evenements.php cid SQL Injection.
|
|||||
| CVE-2019-16743 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.
|
|||||
| CVE-2019-16696 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
|
|||||
| CVE-2019-16695 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
|
|||||
| CVE-2019-16694 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
|
|||||
| CVE-2019-16692 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
|
|||||
| CVE-2019-16682 | 1 Url Redirect Project | 1 Url Redirect | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.
|
|||||
| CVE-2019-16644 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
|
|||||
| CVE-2019-16642 | 1 Yejiao | 1 Tuzicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.
|
|||||
| CVE-2019-16404 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
|
|||||
| CVE-2019-16383 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
|
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.
|
|||||