Total: 8599 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11512 | 1 Contao | 1 Contao | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. | |||||
| CVE-2019-13275 | 1 Veronalabs | 1 Wp Statistics | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. | |||||
| CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | |||||
| CVE-2019-13292 | 1 Weberp | 1 Weberp | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. | |||||
| CVE-2019-13375 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | |||||
| CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | |||||
| CVE-2015-5599 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2019-07-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. | |||||
| CVE-2017-12977 | 1 10web | 1 Photo Gallery | 2019-07-08 | 6.5 MEDIUM | 7.2 HIGH |
| The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. | |||||
| CVE-2015-1055 | 1 10web | 1 Photo Gallery | 2019-07-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-1393 | 1 10web | 1 Photo Gallery | 2019-07-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. | |||||
| CVE-2017-18346 | 1 Web-gooroo | 1 Cms Web-gooroo | 2019-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter. | |||||
| CVE-2018-12250 | 1 Elitecms | 1 Elite Cms | 2019-07-05 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection. | |||||
| CVE-2019-9846 | 1 Rockoa | 1 Rockoa | 2019-07-05 | 4.0 MEDIUM | 8.8 HIGH |
| RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. | |||||
| CVE-2019-13086 | 1 Cszcms | 1 Csz Cms | 2019-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | |||||
| CVE-2017-17871 | 1 Jextn | 1 Jextn Question And Answer | 2019-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. | |||||
| CVE-2008-7226 | 2 Php-nuke, Phpnuke | 2 Recipe Module, Php-nuke | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter. | |||||
| CVE-2008-6865 | 2 Php-nuke, Phpnuke | 2 Sections Module, Php-nuke | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action. | |||||
| CVE-2008-4804 | 2 Nukedgallery, Phpnuke | 2 Gallery, Php-nuke | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-1308 | 2 Phpnuke, Sudirman Angriawan | 2 Php-nuke, Nukec30 | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. | |||||
| CVE-2008-1314 | 2 Johannes Hass, Phpnuke | 2 Gaestebuch Module, Php-nuke | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php. | |||||
| CVE-2010-5083 | 1 Phpnuke | 2 Php-nuke, Web Links Module | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. | |||||
| CVE-2019-9087 | 1 Digitaldruid | 1 Hoteldruid | 2019-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | |||||
| CVE-2019-9086 | 1 Digitaldruid | 1 Hoteldruid | 2019-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | |||||
| CVE-2019-12939 | 1 Livezilla | 1 Livezilla | 2019-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | |||||
| CVE-2019-12960 | 1 Livezilla | 1 Livezilla | 2019-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | |||||
| CVE-2018-15892 | 1 Freepbx | 1 Disa | 2019-06-24 | 6.0 MEDIUM | 4.3 MEDIUM |
| FreePBX 13 and 14 have SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page. | |||||
| CVE-2015-6811 | 1 Cyberoam | 2 Cr500ing-xp, Cyberoamos | 2019-06-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | |||||
| CVE-2012-5853 | 1 Ajax Search Project | 1 Ajax Search | 2019-06-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. | |||||
| CVE-2018-15868 | 1 Chronoscan | 1 Chronoscan | 2019-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. | |||||
| CVE-2018-16116 | 1 Sophos | 2 Sfos, Xg Firewall | 2019-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | |||||
| CVE-2018-16251 | 1 Creatiwity | 1 Witycms | 2019-06-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters. | |||||
| CVE-2018-17386 | 1 Thephpfactory | 1 Micro Deal Factory | 2019-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/. | |||||
| CVE-2018-17388 | 1 Ranksol | 1 Twilio Web To Fax Machine System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php. | |||||
| CVE-2018-17374 | 1 Thephpfactory | 1 Auction Factory | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-17381 | 1 Thephpfactory | 1 Dutch Auction Factory | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-18758 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757. | |||||
| CVE-2018-18757 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. | |||||
| CVE-2018-17393 | 1 Healthnode Hospital Management System Project | 1 Healthnode Hospital Management System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. | |||||
| CVE-2018-17398 | 1 Arenam | 1 Amgallery | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. | |||||
| CVE-2018-17399 | 1 Jimtawl Project | 1 Jimtawl | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. | |||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | |||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | |||||
| CVE-2018-20505 | 3 Apple, Microsoft, Sqlite | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | |||||
| CVE-2018-20469 | 1 Sahipro | 1 Sahi Pro | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. | |||||
| CVE-2019-12872 | 1 Dotcms | 1 Dotcms | 2019-06-18 | 6.5 MEDIUM | 7.2 HIGH |
| dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. | |||||
| CVE-2019-11768 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | |||||
| CVE-2019-12149 | 1 Silverstripe | 2 Registry, Restfulserver | 2019-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2018-11801 | 1 Apache | 1 Fineract | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | |||||
| CVE-2018-11800 | 1 Apache | 1 Fineract | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | |||||
| CVE-2018-20091 | 1 Cloudera | 1 Data Science Workbench | 2019-06-10 | 6.5 MEDIUM | 9.9 CRITICAL |
| An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. | |||||
