Total: 9311 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-8134 | 1 Magento | 1 Magento | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.
CVE-2019-8143 | 1 Magento | 1 Magento | 2019-11-06 | 4.0 MEDIUM | 6.5 MEDIUM | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.
CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL | In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.
CVE-2019-6658 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2019-11-05 | 4.0 MEDIUM | 4.3 MEDIUM | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.
CVE-2019-18663 | 1 Isl | 1 Arp-guard | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2018-16659 | 1 Rausoft | 1 Id.prove | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for further privilege elevation.
CVE-2010-3662 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 6.5 MEDIUM | 8.8 HIGH | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVE-2013-2738 | 1 Readymedia Project | 1 Readymedia | 2019-11-04 | 7.5 HIGH | 9.8 CRITICAL | minidlna has SQL Injection that may allow retrieval of arbitrary files.
CVE-2009-4899 | 1 Pixelpost | 1 Pixelpost | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL | pixelpost 1.7.1 has SQL injection.
CVE-2019-10762 | 1 Medoo | 1 Medoo | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL | columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.
CVE-2019-10748 | 1 Sequelizejs | 1 Sequelize | 2019-10-30 | 7.5 HIGH | 9.8 CRITICAL | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.
CVE-2019-10749 | 1 Sequelizejs | 1 Sequelize | 2019-10-30 | 7.5 HIGH | 9.8 CRITICAL | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
CVE-2015-0270 | 1 Zend | 1 Framework | 2019-10-30 | 7.5 HIGH | 9.8 CRITICAL | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has potential SQL injection in the PostgreSQL Zend\Db adapter.
CVE-2019-12516 | 1 Slickquiz Project | 1 Slickquiz | 2019-10-29 | 6.5 MEDIUM | 8.8 HIGH | The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.
CVE-2019-18387 | 1 Hotel And Lodge Management System Project | 1 Hotel And Lodge Management System | 2019-10-28 | 7.5 HIGH | 9.8 CRITICAL | Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2015-9496 | 1 Freshmail | 1 Freshmail-newsletter | 2019-10-24 | 6.5 MEDIUM | 8.8 HIGH | The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
CVE-2019-17119 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 6.5 MEDIUM | 8.8 HIGH | Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
CVE-2019-16917 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 6.5 MEDIUM | 8.8 HIGH | WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
CVE-2014-2311 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 7.5 HIGH | N/A | SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
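Most entries above (the ARP-GUARD user_id parameter, the WiKID uid/domain parameters in buildSearchWhereClause, the Rausoft login page with stacked queries) are the same defect: a request value concatenated into a query string. The following example is added here and is not code from any of the listed products; it uses Python's sqlite3 module, a constructed in-memory users table, and the hypothetical function names login_vulnerable, login_safe, forgot_vulnerable and forgot_safe. sqlite3's executescript stands in for a driver that accepts several statements per request, as Microsoft SQL Server does, to show why stacked queries turn a read-only lookup into arbitrary DML.

```python
import sqlite3


def make_db():
    """Constructed sample data; not taken from any product in the table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(
            id INTEGER PRIMARY KEY,
            name TEXT, password TEXT, email TEXT,
            is_admin INTEGER NOT NULL DEFAULT 0);
        INSERT INTO users(name, password, email)
            VALUES ('alice', 's3cret', 'alice@example.test');
        INSERT INTO users(name, password, email)
            VALUES ('bob', 'hunter2', 'bob@example.test');
    """)
    return conn


def login_vulnerable(conn, name, password):
    # Values spliced into the statement text: the quote in the payload ends the
    # literal and the remainder becomes SQL.
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name, password):
    # Bound parameters: the driver hands the values to the engine separately,
    # so the payload is compared as an ordinary string.
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def forgot_vulnerable(conn, user_id):
    # executescript models a server that runs stacked statements (MSSQL does);
    # sqlite3's execute() would refuse the second statement.
    sql = f"SELECT email FROM users WHERE id = '{user_id}'"
    conn.executescript(sql)


def forgot_safe(conn, user_id):
    return conn.execute("SELECT email FROM users WHERE id = ?", (user_id,)).fetchone()


def is_admin(conn, name):
    return conn.execute("SELECT is_admin FROM users WHERE name = ?", (name,)).fetchone()[0]


def demo():
    """Run both payloads against the unsafe and the parameterised versions."""
    results = {}
    conn = make_db()
    bypass = "' OR '1'='1"
    results["vuln_bypass"] = login_vulnerable(conn, "alice", bypass)   # True
    results["safe_bypass"] = login_safe(conn, "alice", bypass)         # False

    # Stacked query: terminate the SELECT, append an UPDATE, comment out the rest.
    stacked = "1'; UPDATE users SET is_admin = 1 WHERE name = 'bob'; --"
    forgot_vulnerable(conn, stacked)
    results["vuln_stacked_admin"] = is_admin(conn, "bob")              # 1

    fresh = make_db()
    results["safe_stacked_row"] = forgot_safe(fresh, stacked)          # None
    results["safe_stacked_admin"] = is_admin(fresh, "bob")             # 0
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The parameterised versions do not sanitise the payload at all; they simply never let it reach the parser as SQL. That is the property to check for when reviewing code paths like the ones listed: any query whose text depends on a request value, however the value is quoted, is a candidate, and on engines that accept stacked statements the impact is not limited to the table the original query touches.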
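The Medoo (columnQuote) and Sequelize (JSON path keys) entries are a different shape of the same bug: the attacker controls a column name or a JSON path, and those positions cannot be bound as parameters, so the library must escape or allow-list them itself. The example below is added here and is not code from Medoo or Sequelize; it uses sqlite3 and its json_extract function as a stand-in for the MySQL/PostgreSQL JSON operators, a constructed users table, and the hypothetical names quote_ident, order_by_naive, order_by_safe, json_lookup_naive and json_lookup_safe.

```python
import json
import re
import sqlite3

# Allow-list for JSON object keys that are spliced into a path expression.
KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def make_db():
    """Constructed sample data; not taken from any product in the table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, profile TEXT)")
    rows = [("alice", {"role": "admin", "org": "ops"}),
            ("bob", {"role": "user", "org": "dev"}),
            ("carol", {"role": "user", "org": "ops"})]
    conn.executemany("INSERT INTO users(name, profile) VALUES (?, ?)",
                     [(n, json.dumps(p)) for n, p in rows])
    return conn


def quote_ident(name):
    """Standard SQL identifier quoting: wrap in double quotes, double any embedded quote."""
    return '"' + name.replace('"', '""') + '"'


def order_by_naive(conn, column):
    # A sort column taken from the request and pasted in unquoted: "id LIMIT 1"
    # is accepted as SQL and changes the result set.
    return conn.execute(f"SELECT name FROM users ORDER BY {column}").fetchall()


def order_by_safe(conn, column):
    # Identifiers cannot be bound, so check against the real column list first,
    # then quote so an odd-but-legitimate name cannot alter the statement.
    allowed = {row[1] for row in conn.execute("PRAGMA table_info(users)")}
    if column not in allowed:
        raise ValueError(f"unknown column: {column!r}")
    return conn.execute(f"SELECT name FROM users ORDER BY {quote_ident(column)}").fetchall()


def json_lookup_naive(conn, key, value):
    # Only the value is bound; the key lands inside the path literal '$.key'.
    sql = f"SELECT name FROM users WHERE json_extract(profile, '$.{key}') = ?"
    return [r[0] for r in conn.execute(sql, (value,))]


def json_lookup_safe(conn, key, value):
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"bad JSON key: {key!r}")
    sql = f"SELECT name FROM users WHERE json_extract(profile, '$.{key}') = ?"
    return [r[0] for r in conn.execute(sql, (value,))]


# A key that closes the path literal and adds its own predicate; the trailing
# fragment re-opens a valid json_extract so the bound '?' still parses.
EVIL_KEY = "role') IS NOT NULL OR json_extract(profile, '$.role"


def demo():
    conn = make_db()
    return {
        "naive_sort_rows": len(order_by_naive(conn, "id LIMIT 1")),           # 1 of 3
        "honest_lookup": json_lookup_naive(conn, "role", "admin"),            # ['alice']
        "naive_lookup": json_lookup_naive(conn, EVIL_KEY, "admin"),           # all three
    }


if __name__ == "__main__":
    print(demo())
```

Doubling quotes is the correct escape for identifiers, but an allow-list built from the schema is the stronger check because it also rejects names that are syntactically fine and semantically wrong (a column the caller should not be able to sort or filter on). For JSON paths, restricting keys to a simple identifier pattern sidesteps both SQL and path-syntax tricks; where the dialect lets the whole path be bound as a string, bind it, and still validate the key.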