Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2019-09-26 | 6.5 MEDIUM | 7.2 HIGH |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | |||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2019-09-26 | 6.5 MEDIUM | 8.8 HIGH |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | |||||
| CVE-2018-5989 | 1 Chillcreations | 1 Ccnewsletter | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||
| CVE-2019-16696 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | |||||
| CVE-2019-16694 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | |||||
| CVE-2019-16695 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | |||||
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | |||||
| CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | |||||
| CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2019-09-20 | 6.5 MEDIUM | 7.2 HIGH |
| The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | |||||
| CVE-2019-16644 | 1 Tuzicms | 1 Tuzicms | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | |||||
| CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | |||||
| CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | |||||
| CVE-2019-16642 | 1 Yejiao | 1 Tuzicms | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | |||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
| CVE-2019-15301 | 1 Terrasoft | 1 Bpm Online Crm System Sdk | 2019-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. | |||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2019-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | |||||
| CVE-2019-16264 | 1 Egpp | 1 Sistema Integrado De Gestion Academica | 2019-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. | |||||
| CVE-2018-15873 | 1 Sapplica | 1 Sentrifugo | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | |||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | |||||