Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
|
|||||
| CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.
|
|||||
| CVE-2019-15301 | 1 Terrasoft | 1 Bpm Online Crm System Sdk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
|
|||||
| CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
|
|||||
| CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
|
|||||
| CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
|
|||||
| CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
|
|||||
| CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.
|
|||||
| CVE-2019-14968 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
|
|||||
| CVE-2019-14966 | 1 Frappe | 1 Frappe | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
|
|||||
| CVE-2019-14937 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
|
|||||
| CVE-2019-14900 | 3 Hibernate, Quarkus, Redhat | 11 Hibernate Orm, Quarkus, Build Of Quarkus and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
|
|||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
|
|||||
| CVE-2019-14754 | 1 Open-school | 1 Open-school | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
|
|||||
| CVE-2019-14702 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.
|
|||||
| CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled.
|
|||||
| CVE-2019-14529 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
|
|||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
|
|||||
| CVE-2019-14348 | 1 Beardev | 1 Joomsport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
|
|||||
| CVE-2019-14314 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.
|
|||||
| CVE-2019-14313 | 1 10web | 1 Photo Gallery | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
|
|||||
| CVE-2019-14266 | 1 Opensns | 1 Opensns | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php.
|
|||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example).
|
|||||
| CVE-2019-14234 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwa ...
Show More |
|||||
| CVE-2019-14231 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.
|
|||||
| CVE-2019-14230 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.
|
|||||
| CVE-2019-13978 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
|
|||||
| CVE-2019-13969 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
|
|||||
| CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
|
|||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
|
|||||
| CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php
|
|||||
| CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
|
|||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
|
|||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
|
|||||
| CVE-2019-13570 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
|
|||||
| CVE-2019-13569 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
|
|||||
| CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
|
|||||
| CVE-2019-13489 | 1 Trape Project | 1 Trape | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.
|
|||||
| CVE-2019-13462 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
|
|||||
| CVE-2019-13447 | 1 Sertek | 1 Xpare | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection.
|
|||||