Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6719 | 1 Sharebar Project | 1 Sharebar | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The sharebar plugin before 1.2.2 for WordPress has SQL injection. | |||||
| CVE-2019-15568 | 1 Idseq | 1 Idseq-web | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. | |||||
| CVE-2019-15659 | 1 Genetechsolutions | 1 Pie Register | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. | |||||
| CVE-2015-9352 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-polls plugin before 2.72 for WordPress has SQL injection. | |||||
| CVE-2019-15646 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | |||||
| CVE-2018-21004 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||
| CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | |||||
| CVE-2019-15565 | 1 Webimpacto | 1 Icommktconnector | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. | |||||
| CVE-2019-15567 | 1 Openforis | 1 Arena | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. | |||||
| CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | |||||
| CVE-2019-15556 | 1 Social Network Project | 1 Social Network | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. | |||||
| CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. | |||||
| CVE-2019-14234 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | |||||
| CVE-2019-15566 | 1 Alfresco | 1 Alfresco | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. | |||||
| CVE-2019-15564 | 1 Compassionuk | 1 Compassion Switzerland | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. | |||||
| CVE-2019-10687 | 1 Kbpublisher | 1 Kbpublisher | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. | |||||
| CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | |||||
| CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||
| CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | |||||
| CVE-2017-18573 | 1 Simplerealtytheme | 1 Simple Login Log | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. | |||||
| CVE-2017-18571 | 1 Search Everything Project | 1 Search Everything | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316. | |||||
| CVE-2016-10921 | 1 Ays-pro | 1 Photo Gallery | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | |||||
| CVE-2016-10916 | 1 Codepeople | 1 Appointment Booking Calendar | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | |||||
| CVE-2015-9335 | 1 Bestwebsoft | 1 Limit Attempts | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. | |||||
| CVE-2016-10917 | 1 Search Everything Project | 1 Search Everything | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | |||||
| CVE-2017-18570 | 1 Cformsii Project | 1 Cformsii | 2019-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries. | |||||
| CVE-2014-10379 | 1 Duplicate Post Project | 1 Duplicate Post | 2019-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| The duplicate-post plugin before 2.6 for WordPress has SQL injection. | |||||
| CVE-2015-9330 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | |||||
| CVE-2019-13578 | 1 Impress | 1 Givewp | 2019-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | |||||
| CVE-2015-9325 | 1 Bestwebsoft | 1 Visitors Online | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The visitors-online plugin before 0.4 for WordPress has SQL injection. | |||||
| CVE-2016-10904 | 1 Olimometer Project | 1 Olimometer | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The olimometer plugin before 2.57 for WordPress has SQL injection. | |||||
| CVE-2015-9326 | 1 Wpbusinessintelligence | 1 Wp Business Intelligence | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. | |||||
| CVE-2016-10909 | 1 Codepeople | 1 Booking Calendar Contact Form | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | |||||
| CVE-2014-10376 | 1 Themeist | 1 I Recommend This | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. | |||||
| CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2019-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | |||||
| CVE-2015-9310 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. | |||||
| CVE-2016-10888 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. | |||||
| CVE-2016-10887 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. | |||||
| CVE-2015-9316 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. | |||||
| CVE-2017-18515 | 1 Veronalabs | 1 Wp Statistics | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. | |||||
| CVE-2017-18548 | 1 Datainterlock | 1 Note Press | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The note-press plugin before 0.1.2 for WordPress has SQL injection. | |||||
| CVE-2016-10889 | 1 Imagely | 1 Nextgen Gallery | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | |||||
| CVE-2015-9313 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. | |||||
| CVE-2015-9315 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newstatpress plugin before 1.0.1 for WordPress has SQL injection. | |||||
| CVE-2019-13462 | 1 Lansweeper | 1 Lansweeper | 2019-08-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | |||||
| CVE-2019-14968 | 1 Txjia | 1 Imcat | 2019-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. | |||||
| CVE-2019-14754 | 1 Open-school | 1 Open-school | 2019-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. | |||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2019-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | |||||
| CVE-2019-14702 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. | |||||
| CVE-2019-1010259 | 1 Saltstack | 2 Salt 2018, Salt 2019 | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4. | |||||
