Total: 15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26625 | 1 Gilacms | 1 Gila Cms | 2024-01-09 | N/A | 3.8 LOW |
| A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. | |||||
| CVE-2020-26624 | 1 Gilacms | 1 Gila Cms | 2024-01-09 | N/A | 3.8 LOW |
| A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | |||||
| CVE-2020-26623 | 1 Gilacms | 1 Gila Cms | 2024-01-09 | N/A | 3.8 LOW |
| SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | |||||
| CVE-2023-37361 | 1 Vanderbilt | 1 Redcap | 2023-07-31 | N/A | 2.7 LOW |
| REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | |||||
| CVE-2022-1690 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection | |||||
| CVE-2022-1689 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection | |||||
| CVE-2022-1688 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections | |||||
| CVE-2022-1687 | 1 Logo Slider Project | 1 Logo Slider | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection | |||||
| CVE-2022-1686 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection | |||||
| CVE-2022-1684 | 1 Webpsilon | 1 Cube Slider | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin | |||||
| CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 2.7 LOW |
| The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link. | |||||
| CVE-2016-3046 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more | 2020-10-27 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. | |||||
| CVE-2020-4345 | 1 Ibm | 1 I | 2020-05-18 | 1.9 LOW | 3.3 LOW |
| IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. | |||||
| CVE-2019-15622 | 1 Nextcloud | 1 Nextcloud | 2020-02-12 | 2.1 LOW | 2.4 LOW |
| Insufficiently strict sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | |||||
| CVE-2018-6382 | 1 Mantisbt | 1 Mantisbt | 2019-03-04 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass. | |||||
