Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2007-5646 | 1 Simple Machines | 1 Simple Machines Forum | 2019-12-17 | 6.8 MEDIUM | N/A | SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
CVE-2019-14314 | 1 Imagely | 1 Nextgen Gallery | 2019-12-16 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.
CVE-2013-5743 | 1 Zabbix | 1 Zabbix | 2019-12-16 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
CVE-2014-7257 | 1 Dbd | 1 DBD::PgPP | 2019-12-16 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in DBD::PgPP 0.05 and earlier.
CVE-2019-15933 | 1 Intesync | 1 Solismed | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL | Intesync Solismed 3.3sp has SQL injection.
CVE-2017-14848 | 1 Dasinfomedia | 1 Wphrm Human Resource Management System | 2019-12-11 | 6.5 MEDIUM | 8.8 HIGH | WPHRM Human Resource Management System for WordPress 1.0 allows SQL injection via the employee_id parameter.
CVE-2019-19245 | 1 Napc | 1 Xinet Elegant 6 Asset Library | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL | NAPC Xinet Elegant 6 Asset Library 6.1.655 allows pre-authentication SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.
CVE-2015-3424 | 1 Accentis | 1 Content Resource Management System | 2019-12-10 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2018-6393 | 1 Sangoma | 1 Freepbx | 2019-12-10 | 6.5 MEDIUM | 7.2 HIGH | ** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
CVE-2011-1939 | 3 Debian, Php, Zend | 3 Debian Linux, Php, Zend Framework | 2019-12-10 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
CVE-2019-15995 | 1 Cisco | 1 Dna Spaces: Connector | 2019-12-09 | 5.5 MEDIUM | 6.5 MEDIUM | A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM.
CVE-2019-4387 | 1 Ibm | 1 Sterling B2b Integrator | 2019-12-09 | 6.5 MEDIUM | 8.8 HIGH | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 162715.
CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2019-12-09 | 6.5 MEDIUM | 8.8 HIGH | A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
CVE-2019-15972 | 1 Cisco | 1 Unified Communications Manager | 2019-12-09 | 6.5 MEDIUM | 8.8 HIGH | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.
CVE-2011-3584 | 1 Guidestar | 1 Wec Discussion Forum | 2019-12-05 | 7.5 HIGH | 9.8 CRITICAL | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL injection due to improper sanitization of user-supplied input.
CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2019-12-05 | 7.5 HIGH | 9.8 CRITICAL | It was found that TYPO3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
CVE-2019-18662 | 1 Youphptube | 1 Youphptube | 2019-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled.
CVE-2019-19016 | 1 Titanhq | 1 Webtitan | 2019-12-04 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in TitanHQ WebTitan before 5.18. Some functions of the administration interface, such as /history-x.php, are vulnerable to SQL injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.
CVE-2019-19250 | 1 Opentrade Project | 1 Opentrade | 2019-12-04 | 7.5 HIGH | 9.8 CRITICAL | OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.
CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2019-12-03 | 7.5 HIGH | 9.8 CRITICAL | main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows SQL injection via search?goodsCategoryId=&keyword=.