Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2016-10939 | 1 Xtremelocator | 1 Xtremelocator | 2019-09-13 | 6.5 MEDIUM | 7.2 HIGH | The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. |
| CVE-2016-10947 | 1 Post Indexer Project | 1 Post Indexer | 2019-09-13 | 6.5 MEDIUM | 7.2 HIGH | The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. |
| CVE-2019-5991 | 1 Cybozu | 1 Garoon | 2019-09-13 | 6.5 MEDIUM | 7.6 HIGH | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2019-5996 | 1 Panasonic | 1 Video Insight Vms | 2019-09-13 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-18597 | 1 Jtrt Responsive Tables Project | 1 Jtrt Responsive Tables | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH | The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. |
| CVE-2017-18602 | 1 Ibps Online Exam Project | 1 Ibps Online Exam | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH | The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. |
| CVE-2019-10671 | 1 Librenms | 1 Librenms | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. |
| CVE-2019-12465 | 1 Librenms | 1 Librenms | 2019-09-10 | 5.5 MEDIUM | 8.1 HIGH | An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. |
| CVE-2019-16119 | 1 10web | 1 Photo Gallery | 2019-09-10 | 7.5 HIGH | 9.8 CRITICAL | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. |
| CVE-2015-9353 | 1 Tri | 1 Gigpress | 2019-09-09 | 6.5 MEDIUM | 7.2 HIGH | The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. |
| CVE-2019-16125 | 1 Jobberbase | 1 Jobberbase | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL | In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. |
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL | The liveforms plugin before 3.2.0 for WordPress has SQL injection. |
| CVE-2019-13191 | 1 Mapsolutions | 1 Intramaps | 2019-09-05 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. |
| CVE-2019-15872 | 1 Wpbrigade | 1 Loginpress | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL | The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. |
| CVE-2015-9344 | 1 Perafox | 1 Link Log | 2019-09-04 | 7.5 HIGH | 9.8 CRITICAL | The link-log plugin before 2.1 for WordPress has SQL injection. |
| CVE-2019-15569 | 1 Gov | 1 Ccd-data-store-api | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. |
| CVE-2019-15555 | 1 Wellness Project | 1 Wellness | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. |
| CVE-2019-15557 | 1 Xm-online | 1 Xm\^online 2 User Account And Authentication Server | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. |
| CVE-2019-11363 | 1 Prophecyinternational | 1 Snare Central | 2019-09-03 | 6.5 MEDIUM | 7.2 HIGH | A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. |
| CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. |
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. |
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. |
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. |
| CVE-2019-15574 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL | Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. |
| CVE-2019-15558 | 1 Xm-online | 1 Xm\^online 2 - Common Utils And Endpoints | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL | XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. |
| CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL | XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. |
| CVE-2019-15658 | 1 Connect-pg-simple Project | 1 Connect-pg-simple | 2019-08-30 | 7.5 HIGH | 7.3 HIGH | connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. |
| CVE-2019-15559 | 1 Hawn Project | 1 Hawn | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL | DianoxDragon Hawn before 2019-07-10 allows SQL injection. |
| CVE-2019-15563 | 1 Ohdsi | 1 Webapi | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL | Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. |
| CVE-2019-15570 | 1 Bedita | 1 Bedita | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL | BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. |
| CVE-2019-15536 | 1 Youracclaim | 1 Acclaim | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL | The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. |
| CVE-2015-9334 | 1 Email-newsletter Project | 1 Email-newsletter | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL | The email-newsletter plugin through 20.15 for WordPress has SQL injection. |
| CVE-2012-6719 | 1 Sharebar Project | 1 Sharebar | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The sharebar plugin before 1.2.2 for WordPress has SQL injection. |
| CVE-2019-15568 | 1 Idseq | 1 Idseq-web | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. |
| CVE-2019-15659 | 1 Genetechsolutions | 1 Pie Register | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. |
| CVE-2015-9352 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The wp-polls plugin before 2.72 for WordPress has SQL injection. |
| CVE-2019-15646 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The rsvpmaker plugin before 6.2 for WordPress has SQL injection. |
| CVE-2018-21004 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. |
| CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. |
| CVE-2019-15565 | 1 Webimpacto | 1 Icommktconnector | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. |
| CVE-2019-15567 | 1 Openforis | 1 Arena | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. |
| CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | The buddyforms plugin before 2.2.8 for WordPress has SQL injection. |
| CVE-2019-15556 | 1 Social Network Project | 1 Social Network | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. |
| CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. |
| CVE-2019-14234 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to the QuerySet.filter() function. |
| CVE-2019-15566 | 1 Alfresco | 1 Alfresco | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL | The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. |
| CVE-2019-15564 | 1 Compassionuk | 1 Compassion Switzerland | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL | The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. |
| CVE-2019-10687 | 1 Kbpublisher | 1 Kbpublisher | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL | KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. |
| CVE-2019-14937 | 1 Vanderbilt | 1 Redcap | 2019-08-27 | 6.0 MEDIUM | 7.5 HIGH | REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. |
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM | plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. |
