Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10550 | 1 Sequelizejs | 1 Sequelize | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. | |||||
| CVE-2015-9450 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | |||||
| CVE-2015-9452 | 1 Nex-forms - Ultimate Form Builder Project | 1 Nex-forms - Ultimate Form Builder | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | |||||
| CVE-2015-9451 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | |||||
| CVE-2019-17197 | 1 Open-emr | 1 Openemr | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. | |||||
| CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | |||||
| CVE-2017-15379 | 1 Softwarepublico | 1 E-sic | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | |||||
| CVE-2018-3783 | 1 Flintcms | 1 Flintcms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. | |||||
| CVE-2018-8733 | 1 Nagios | 1 Nagios Xi | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | |||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2. In image-gallery-with-slideshow/admin_setting.php, the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | |||||
| CVE-2017-3549 | 1 Oracle | 1 Scripting | 2019-10-03 | 7.5 HIGH | 9.1 CRITICAL |
| Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. | |||||
| CVE-2019-16692 | 1 Phpipam | 1 Phpipam | 2019-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | |||||
| CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2019-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | |||||
| CVE-2018-17232 | 1 Slack Archivebot Project | 1 Slack Archivebot | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). | |||||
| CVE-2018-5989 | 1 Chillcreations | 1 Ccnewsletter | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||
| CVE-2019-16696 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | |||||
| CVE-2019-16695 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | |||||
| CVE-2019-16694 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | |||||
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | |||||
| CVE-2019-16644 | 1 Tuzicms | 1 Tuzicms | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | |||||
| CVE-2019-16642 | 1 Yejiao | 1 Tuzicms | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | |||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
| CVE-2019-15301 | 1 Terrasoft | 1 Bpm Online Crm System Sdk | 2019-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. | |||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2019-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | |||||
| CVE-2019-16264 | 1 Egpp | 1 Sistema Integrado De Gestion Academica | 2019-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. | |||||
| CVE-2018-15873 | 1 Sapplica | 1 Sentrifugo | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | |||||
| CVE-2019-16309 | 1 Flamecms Project | 1 Flamecms | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. | |||||
| CVE-2016-10942 | 1 Podlove | 1 Podlove Podcast Publisher | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | |||||
| CVE-2019-16119 | 1 10web | 1 Photo Gallery | 2019-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | |||||
| CVE-2019-16125 | 1 Jobberbase | 1 Jobberbase | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. | |||||
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| The liveforms plugin before 3.2.0 for WordPress has SQL injection. | |||||
| CVE-2019-15872 | 1 Wpbrigade | 1 Loginpress | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. | |||||
| CVE-2015-9344 | 1 Perafox | 1 Link Log | 2019-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| The link-log plugin before 2.1 for WordPress has SQL injection. | |||||
| CVE-2019-15569 | 1 Gov | 1 Ccd-data-store-api | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. | |||||
| CVE-2019-15555 | 1 Wellness Project | 1 Wellness | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. | |||||
| CVE-2019-15557 | 1 Xm-online | 1 Xm^online 2 User Account And Authentication Server | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. | |||||
| CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. | |||||
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. | |||||
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. | |||||
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | |||||
| CVE-2019-15574 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. | |||||
| CVE-2019-15558 | 1 Xm-online | 1 Xm^online 2 - Common Utils And Endpoints | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. | |||||
| CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | |||||
| CVE-2019-15559 | 1 Hawn Project | 1 Hawn | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| DianoxDragon Hawn before 2019-07-10 allows SQL injection. | |||||
| CVE-2019-15563 | 1 Ohdsi | 1 Webapi | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. | |||||
| CVE-2019-15570 | 1 Bedita | 1 Bedita | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. | |||||
| CVE-2019-15536 | 1 Youracclaim | 1 Acclaim | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. | |||||
| CVE-2015-9334 | 1 Email-newsletter Project | 1 Email-newsletter | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| The email-newsletter plugin through 20.15 for WordPress has SQL injection. | |||||
