Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-08-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
| CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | |||||
| CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-08-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
| CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||
| CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | |||||
| CVE-2017-18573 | 1 Simplerealtytheme | 1 Simple Login Log | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. | |||||
| CVE-2017-18571 | 1 Search Everything Project | 1 Search Everything | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316. | |||||
| CVE-2016-10921 | 1 Ays-pro | 1 Photo Gallery | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | |||||
| CVE-2016-10916 | 1 Codepeople | 1 Appointment Booking Calendar | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | |||||
| CVE-2015-9335 | 1 Bestwebsoft | 1 Limit Attempts | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. | |||||
| CVE-2016-10917 | 1 Search Everything Project | 1 Search Everything | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | |||||
| CVE-2017-18570 | 1 Cformsii Project | 1 Cformsii | 2019-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries. | |||||
| CVE-2014-10379 | 1 Duplicate Post Project | 1 Duplicate Post | 2019-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| The duplicate-post plugin before 2.6 for WordPress has SQL injection. | |||||
| CVE-2015-9330 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | |||||
| CVE-2019-13578 | 1 Impress | 1 Givewp | 2019-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | |||||
| CVE-2019-1010034 | 1 Deepsoft | 1 Weblibrarian | 2019-08-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC. | |||||
| CVE-2015-9325 | 1 Bestwebsoft | 1 Visitors Online | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The visitors-online plugin before 0.4 for WordPress has SQL injection. | |||||
| CVE-2016-10904 | 1 Olimometer Project | 1 Olimometer | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The olimometer plugin before 2.57 for WordPress has SQL injection. | |||||
| CVE-2015-9326 | 1 Wpbusinessintelligence | 1 Wp Business Intelligence | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. | |||||
| CVE-2016-10909 | 1 Codepeople | 1 Booking Calendar Contact Form | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | |||||
| CVE-2014-10376 | 1 Themeist | 1 I Recommend This | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. | |||||
| CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2019-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | |||||
| CVE-2015-9310 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. | |||||
| CVE-2016-10888 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. | |||||
| CVE-2016-10887 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. | |||||
| CVE-2015-9316 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. | |||||
| CVE-2017-18515 | 1 Veronalabs | 1 Wp Statistics | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. | |||||
| CVE-2017-18548 | 1 Datainterlock | 1 Note Press | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The note-press plugin before 0.1.2 for WordPress has SQL injection. | |||||
| CVE-2016-10889 | 1 Imagely | 1 Nextgen Gallery | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | |||||
| CVE-2015-9313 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. | |||||
| CVE-2015-9315 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newstatpress plugin before 1.0.1 for WordPress has SQL injection. | |||||
| CVE-2019-14966 | 1 Frappe | 1 Frappe | 2019-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. | |||||
| CVE-2019-13462 | 1 Lansweeper | 1 Lansweeper | 2019-08-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | |||||
| CVE-2019-14968 | 1 Txjia | 1 Imcat | 2019-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. | |||||
| CVE-2019-14754 | 1 Open-school | 1 Open-school | 2019-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. | |||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2019-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | |||||
| CVE-2019-14702 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. | |||||
| CVE-2019-1010259 | 1 Saltstack | 2 Salt 2018, Salt 2019 | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4. | |||||
| CVE-2019-14313 | 1 10web | 1 Photo Gallery | 2019-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | |||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | |||||
| CVE-2019-14529 | 1 Open-emr | 1 Openemr | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | |||||
| CVE-2016-10839 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | |||||
| CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2019-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | |||||
| CVE-2017-18406 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). | |||||
| CVE-2019-12279 | 1 Nagios | 1 Nagios Xi | 2019-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck. | |||||
| CVE-2019-14348 | 1 Beardev | 1 Joomsport | 2019-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | |||||
| CVE-2014-3483 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. | |||||
| CVE-2012-2695 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | N/A |
| The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | |||||
| CVE-2011-2930 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | |||||
| CVE-2012-6496 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. | |||||
