Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10243 | 1 Joomla | 1 Joomla\! | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | |||||
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | |||||
| CVE-2020-5257 | 1 Thoughtbot | 1 Administrate | 2020-03-18 | 5.5 MEDIUM | 8.1 HIGH |
| In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0. | |||||
| CVE-2020-8786 | 1 Salesagility | 1 Suitecrm | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | |||||
| CVE-2020-8784 | 1 Salesagility | 1 Suitecrm | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | |||||
| CVE-2020-8785 | 1 Salesagility | 1 Suitecrm | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | |||||
| CVE-2020-8783 | 1 Salesagility | 1 Suitecrm | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | |||||
| CVE-2020-10218 | 1 Sapplica | 1 Sentrifugo | 2020-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | |||||
| CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2020-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | |||||
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2020-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | |||||
| CVE-2020-10220 | 1 Rconfig | 1 Rconfig | 2020-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | |||||
| CVE-2018-6363 | 1 Taskrabbit Clone Project | 1 Taskrabbit Clone | 2020-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | |||||
| CVE-2020-0060 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845 | |||||
| CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | |||||
| CVE-2020-10190 | 1 Munkireport Project | 1 Munkireport | 2020-03-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. | |||||
| CVE-2015-7340 | 1 Gwesystems | 1 Jevents | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
| JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. | |||||
| CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | |||||
| CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2020-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | |||||
| CVE-2015-7342 | 1 Joobi | 1 Jnews | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
| JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | |||||
| CVE-2019-17647 | 1 Centreon | 1 Centreon | 2020-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | |||||