Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16309 | 1 Flamecms Project | 1 Flamecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.
|
|||||
| CVE-2019-16264 | 1 Egpp | 1 Sistema Integrado De Gestion Academica | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.
|
|||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.
|
|||||
| CVE-2019-16125 | 1 Jobberbase | 1 Jobberbase | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.
|
|||||
| CVE-2019-16119 | 1 10web | 1 Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
|
|||||
| CVE-2019-16065 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
|
|||||
| CVE-2019-16012 | 1 Cisco | 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
|
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying datab ...
Show More |
|||||
| CVE-2019-15995 | 1 Cisco | 1 Dna Spaces\ | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM.
|
|||||
| CVE-2019-15985 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in ...
Show More |
|||||
| CVE-2019-15984 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in ...
Show More |
|||||
| CVE-2019-15972 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on o ...
Show More |
|||||
| CVE-2019-15933 | 1 Intesync | 1 Solismed | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Intesync Solismed 3.3sp has SQL Injection.
|
|||||
| CVE-2019-15872 | 1 Wpbrigade | 1 Loginpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.
|
|||||
| CVE-2019-15659 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.
|
|||||
| CVE-2019-15658 | 1 Connect-pg-simple Project | 1 Connect-pg-simple | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
|
|||||
| CVE-2019-15646 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
|
|||||
| CVE-2019-15622 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
|
|||||
| CVE-2019-15574 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php.
|
|||||
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.
|
|||||
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php.
|
|||||
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.
|
|||||
| CVE-2019-15570 | 1 Bedita | 1 Bedita | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
|
|||||
| CVE-2019-15569 | 1 Gov | 1 Ccd-data-store-api | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.
|
|||||
| CVE-2019-15568 | 1 Idseq | 1 Idseq-web | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.
|
|||||
| CVE-2019-15567 | 1 Openforis | 1 Arena | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.
|
|||||
| CVE-2019-15566 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
|
|||||
| CVE-2019-15565 | 1 Webimpacto | 1 Icommktconnector | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.
|
|||||
| CVE-2019-15564 | 1 Compassionuk | 1 Compassion Switzerland | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.
|
|||||
| CVE-2019-15563 | 1 Ohdsi | 1 Webapi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
|
|||||
| CVE-2019-15562 | 1 Gorm | 1 Gorm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
|
|||||
| CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.
|
|||||
| CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
|
|||||
| CVE-2019-15559 | 1 Hawn Project | 1 Hawn | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
DianoxDragon Hawn before 2019-07-10 allows SQL injection.
|
|||||
| CVE-2019-15558 | 1 Xm-online | 1 Xm\^online 2 - Common Utils And Endpoints | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
|
|||||
| CVE-2019-15557 | 1 Xm-online | 1 Xm\^online 2 User Account And Authentication Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
|
|||||
| CVE-2019-15556 | 1 Social Network Project | 1 Social Network | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.
|
|||||
| CVE-2019-15555 | 1 Wellness Project | 1 Wellness | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
|
|||||
| CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
|
|||||
| CVE-2019-15536 | 1 Youracclaim | 1 Acclaim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
|
|||||
| CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
|
|||||