Search
Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18757 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. | |||||
| CVE-2018-17393 | 1 Healthnode Hospital Management System Project | 1 Healthnode Hospital Management System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. | |||||
| CVE-2018-17398 | 1 Arenam | 1 Amgallery | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. | |||||
| CVE-2018-17399 | 1 Jimtawl Project | 1 Jimtawl | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. | |||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | |||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | |||||
| CVE-2018-20469 | 1 Sahipro | 1 Sahi Pro | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. | |||||
| CVE-2019-11768 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | |||||
| CVE-2019-12149 | 1 Silverstripe | 2 Registry, Restfulserver | 2019-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2018-11801 | 1 Apache | 1 Fineract | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | |||||
| CVE-2018-11800 | 1 Apache | 1 Fineract | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | |||||
| CVE-2018-20091 | 1 Cloudera | 1 Data Science Workbench | 2019-06-10 | 6.5 MEDIUM | 9.9 CRITICAL |
| An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. | |||||
| CVE-2019-12599 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | |||||
| CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | |||||
| CVE-2019-12601 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | |||||
| CVE-2019-12598 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | |||||
| CVE-2019-12196 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | |||||
| CVE-2017-14851 | 1 Orpak | 1 Siteomat | 2019-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. | |||||
| CVE-2019-10123 | 1 Ais | 2 Esel-server, Logistic Software | 2019-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user. | |||||
| CVE-2018-17843 | 1 Mlmsoftwarez | 10 Add Clicking Mlm Software, Autopool Mlm Software, Bidding Mlm Software and 7 more | 2019-05-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter. | |||||
| CVE-2016-8898 | 1 Exponentcms | 1 Exponent Cms | 2019-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. | |||||
| CVE-2016-8897 | 1 Exponentcms | 1 Exponent Cms | 2019-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php. | |||||
| CVE-2018-7841 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. | |||||
| CVE-2018-17181 | 1 Open-emr | 1 Openemr | 2019-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. | |||||
| CVE-2018-17179 | 1 Open-emr | 1 Openemr | 2019-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. | |||||
| CVE-2019-8923 | 1 Apachefriends | 1 Xampp | 2019-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | |||||
| CVE-2018-18800 | 1 Tubigan | 1 Welcome To Our Resort | 2019-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php. | |||||
| CVE-2018-12295 | 1 Seagate | 1 Nas Os | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | |||||
| CVE-2017-12759 | 1 Ynetinteractive | 1 Soa School Management | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote). | |||||
| CVE-2017-12757 | 1 Ambittechnologies | 12 Itech B2b Script, Itech Business Networking Script, Itech Caregiver Script and 9 more | 2019-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote). | |||||
| CVE-2017-12758 | 1 Joomlaextensions | 1 Component Appointment | 2019-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component. | |||||
| CVE-2019-11448 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file. | |||||
| CVE-2019-11678 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | |||||
| CVE-2019-10664 | 1 Domoticz | 1 Domoticz | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | |||||
| CVE-2018-18286 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2018-18285 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2019-11469 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature. | |||||
| CVE-2017-16558 | 1 Contao | 1 Contao Cms | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | |||||
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2019-9184 | 1 J2store | 1 J2store | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | |||||
| CVE-2019-11362 | 1 Rocboss | 1 Rocboss | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. | |||||
| CVE-2019-11450 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | |||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-18018 | 1 Tribulant | 1 Slideshow Gallery | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2019-8979 | 1 Kohanaframework | 1 Kohana | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | |||||
| CVE-2019-5715 | 1 Silverstripe | 1 Silverstripe | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. | |||||
| CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| MKCMS V5.0 has SQL injection via the bplay.php play parameter. | |||||