Total: 1733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11559 | 1 Zohocorp | 1 Manageengine Opmanager | 2019-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. | |||||
| CVE-2019-11880 | 1 Commsy | 1 Commsy | 2019-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2. | |||||
| CVE-2019-12251 | 1 Ucms Project | 1 Ucms | 2019-05-21 | 6.5 MEDIUM | 8.8 HIGH |
| sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | |||||
| CVE-2019-5934 | 1 Cybozu | 1 Garoon | 2019-05-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.0 allows an attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. | |||||
| CVE-2018-17048 | 1 Fangfa | 1 Fdcms | 2019-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection. | |||||
| CVE-2018-16137 | 1 Ipbrick | 1 Ipbrick Os | 2019-05-15 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections. | |||||
| CVE-2018-7765 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-14 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. | |||||
| CVE-2019-11600 | 1 Openproject | 1 Openproject | 2019-05-14 | 6.8 MEDIUM | 8.1 HIGH |
| A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access. | |||||
| CVE-2017-12760 | 1 Ynetinteractive | 1 Mobiketa | 2019-05-10 | 6.5 MEDIUM | 8.8 HIGH |
| Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote). | |||||
| CVE-2017-12761 | 1 Webfile Explorer Project | 1 Webfile Explorer | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php. | |||||
| CVE-2018-20556 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | |||||
| CVE-2018-14874 | 1 Polarisft | 1 Intellect Core Banking | 2019-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages (collaterals/colexe3t.jsp, /references/refsuppu.jsp, and /references/refbranu.jsp) is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. | |||||
| CVE-2019-11614 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain sensitive database information. | |||||
| CVE-2019-11567 | 1 Aikcms | 1 Aikcms | 2019-04-29 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | |||||
| CVE-2019-11518 | 1 Sem-cms | 1 Semcms | 2019-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-24 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2019-11451 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?inform/add.html qid SQL injection. | |||||
| CVE-2019-11452 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. | |||||
| CVE-2016-3072 | 2 Katello, Redhat | 3 Katello, Enterprise Linux, Satellite | 2019-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | |||||
| CVE-2019-3792 | 1 Pivotal Software | 1 Concourse | 2019-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | |||||
| CVE-2019-10663 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2019-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | |||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2019-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | |||||
| CVE-2018-6330 | 1 Laravel | 1 Framework | 2019-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | |||||
| CVE-2019-6491 | 1 Risi | 1 Gestao De Horarios | 2019-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | |||||
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2019-03-19 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | |||||
| CVE-2017-6574 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||||
| CVE-2017-6576 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id. | |||||
| CVE-2017-6575 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. | |||||
| CVE-2017-6573 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||||
| CVE-2017-6572 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-6571 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id. | |||||
| CVE-2017-6570 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. | |||||
| CVE-2017-5346 | 1 Genixcms | 1 Genixcms | 2019-03-15 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | |||||
| CVE-2015-4592 | 1 Eclinicalworks | 1 Population Health | 2019-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | |||||
| CVE-2017-6097 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-13 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (requires authentication to WordPress admin) with the POST Parameter: camp_id. | |||||
| CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2019-03-13 | 9.0 HIGH | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | |||||
| CVE-2017-6098 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-13 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (requires authentication to WordPress admin) with the POST Parameter: list_id. | |||||
| CVE-2017-6096 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-13 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (requires authentication to WordPress admin) with the GET Parameter: filter_list. | |||||
| CVE-2019-9693 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH |
| In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | |||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2019-03-11 | 7.5 HIGH | 8.8 HIGH |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||||
| CVE-2018-17420 | 1 Zrlog | 1 Zrlog | 2019-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | |||||
| CVE-2018-17416 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | |||||
| CVE-2018-17415 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 6.5 MEDIUM | 8.8 HIGH |
| zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | |||||
| CVE-2018-17414 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 6.5 MEDIUM | 8.8 HIGH |
| zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | |||||
| CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | |||||
| CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
| CVE-2019-8421 | 1 Bagesoft | 1 Bagecms | 2019-02-20 | 6.5 MEDIUM | 7.2 HIGH |
| upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | |||||
| CVE-2019-8422 | 1 Pbootcms | 1 Pbootcms | 2019-02-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | |||||
