Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11620 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre. | |||||
| CVE-2019-11621 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11622 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre. | |||||
| CVE-2019-11623 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11625 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11613 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11619 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11567 | 1 Aikcms | 1 Aikcms | 2019-04-29 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | |||||
| CVE-2019-11518 | 1 Sem-cms | 1 Semcms | 2019-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete. | |||||
| CVE-2018-18286 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2018-18285 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2019-11469 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature. | |||||
| CVE-2017-16558 | 1 Contao | 1 Contao Cms | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | |||||
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2019-9184 | 1 J2store | 1 J2store | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-24 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2019-11362 | 1 Rocboss | 1 Rocboss | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI. | |||||
| CVE-2019-11451 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?inform/add.html qid SQL injection. | |||||
| CVE-2019-11452 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. | |||||
| CVE-2019-11450 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | |||||
| CVE-2011-4734 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files. | |||||
| CVE-2011-4725 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files. | |||||
| CVE-2016-3072 | 2 Katello, Redhat | 3 Katello, Enterprise Linux, Satellite | 2019-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | |||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla! | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-18018 | 1 Tribulant | 1 Slideshow Gallery | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | |||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||||
| CVE-2019-8979 | 1 Kohanaframework | 1 Kohana | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | |||||
| CVE-2019-5715 | 1 Silverstripe | 1 Silverstripe | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject. | |||||
| CVE-2019-3792 | 1 Pivotal Software | 1 Concourse | 2019-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | |||||
| CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| MKCMS V5.0 has SQL injection via the bplay.php play parameter. | |||||
| CVE-2019-10708 | 1 S-cms | 1 S-cms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | |||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | |||||
| CVE-2019-10663 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2019-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | |||||
| CVE-2019-10262 | 1 Bluecms Project | 1 Bluecms | 2019-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | |||||
| CVE-2018-0225 | 1 Cisco | 1 Appdynamics App Iq | 2019-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. | |||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2019-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | |||||
| CVE-2018-6330 | 1 Laravel | 1 Framework | 2019-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | |||||
| CVE-2018-18798 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2019-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view. | |||||
| CVE-2019-10232 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2019-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | |||||
| CVE-2019-6491 | 1 Risi | 1 Gestao De Horarios | 2019-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | |||||
| CVE-2019-9083 | 1 Sqlitemanager | 1 Sqlitemanager | 2019-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-5722 | 1 Portier | 1 Portier | 2019-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | |||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2019-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | |||||
| CVE-2017-17721 | 1 Zuuse | 1 Beims Contractorweb .net | 2019-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | |||||
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2019-03-19 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | |||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||||
| CVE-2017-6574 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. | |||||
