Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12570 | 1 Xpertsol | 1 Server Status By Hostname\/ip | 2019-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters. | |||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2019-11-26 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | |||||
| CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | |||||
| CVE-2019-10766 | 1 Pixie Project | 1 Pixie | 2019-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. | |||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2019-11-15 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | |||||
| CVE-2019-0393 | 1 Sap | 1 Quality Management | 2019-11-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | |||||
| CVE-2019-2196 | 1 Google | 1 Android | 2019-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143 | |||||
| CVE-2019-2198 | 1 Google | 1 Android | 2019-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135270103 | |||||
| CVE-2019-12720 | 1 Auo | 1 Sunveillance Monitoring System \& Data Recorder | 2019-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters. | |||||
| CVE-2019-2211 | 1 Google | 1 Android | 2019-11-14 | 7.8 HIGH | 7.5 HIGH |
| In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269669 | |||||
| CVE-2019-18646 | 1 Untangle | 1 Ng Firewall | 2019-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | |||||
| CVE-2011-2936 | 1 Elgg | 1 Elgg | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| Elgg through 1.7.10 has a SQL injection vulnerability | |||||
| CVE-2019-10852 | 1 Computrols | 1 Computrols Building Automation Software | 2019-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | |||||
| CVE-2019-12385 | 1 Ampache | 1 Ampache | 2019-11-11 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality. | |||||
| CVE-2019-13079 | 1 Quest | 1 Kace Systems Management Appliance | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. | |||||
| CVE-2019-13078 | 1 Quest | 1 Kace Systems Management Appliance | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. | |||||
| CVE-2019-13076 | 1 Quest | 1 Kace Systems Management Appliance | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. | |||||
| CVE-2019-12918 | 1 Quest | 1 Kace Systems Management Appliance | 2019-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir]. | |||||
| CVE-2019-8127 | 1 Magento | 1 Magento | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. | |||||
| CVE-2019-8130 | 1 Magento | 1 Magento | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates. | |||||