Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17197 | 1 Open-emr | 1 Openemr | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. | |||||
| CVE-2019-17049 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2019-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. | |||||
| CVE-2019-16996 | 1 Metinfo | 1 Metinfo | 2019-10-04 | 6.5 MEDIUM | 7.2 HIGH |
| In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. | |||||
| CVE-2019-16997 | 1 Metinfo | 1 Metinfo | 2019-10-04 | 6.5 MEDIUM | 7.2 HIGH |
| In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. | |||||
| CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | |||||
| CVE-2019-16744 | 1 Ebrigade | 1 Ebrigade | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| eBrigade before 5.0 has evenements.php cid SQL Injection. | |||||
| CVE-2019-16745 | 1 Ebrigade | 1 Ebrigade | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. | |||||
| CVE-2018-17092 | 1 I4a | 1 Donlinkage | 2019-10-02 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. | |||||
| CVE-2018-8733 | 1 Nagios | 1 Nagios Xi | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | |||||
| CVE-2018-3783 | 1 Flintcms | 1 Flintcms | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. | |||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | |||||
| CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||||
| CVE-2017-15379 | 1 Softwarepublico | 1 E-sic | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | |||||
| CVE-2017-3549 | 1 Oracle | 1 Scripting | 2019-10-02 | 7.5 HIGH | 9.1 CRITICAL |
| Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-1002004 | 1 Dtracker Project | 1 Dtracker | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | |||||
| CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. | |||||
| CVE-2019-16743 | 1 Ebrigade | 1 Ebrigade | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | |||||
| CVE-2019-16692 | 1 Phpipam | 1 Phpipam | 2019-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | |||||
| CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2019-09-26 | 6.5 MEDIUM | 8.8 HIGH |
| The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | |||||
| CVE-2018-17232 | 1 Slack Archivebot Project | 1 Slack Archivebot | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). | |||||