Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 9311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9344 1 Perafox 1 Link Log 2019-09-04 7.5 HIGH 9.8 CRITICAL
The link-log plugin before 2.1 for WordPress has SQL injection.
CVE-2019-15569 1 Gov 1 Ccd-data-store-api 2019-09-03 7.5 HIGH 9.8 CRITICAL
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.
CVE-2019-15555 1 Wellness Project 1 Wellness 2019-09-03 7.5 HIGH 9.8 CRITICAL
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
CVE-2019-15557 1 Xm-online 1 Xm\^online 2 User Account And Authentication Server 2019-09-03 7.5 HIGH 9.8 CRITICAL
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
CVE-2019-11363 1 Prophecyinternational 1 Snare Central 2019-09-03 6.5 MEDIUM 7.2 HIGH
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.
CVE-2019-15560 1 Reviews Module Project 1 Reviews Module 2019-09-03 7.5 HIGH 9.8 CRITICAL
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
CVE-2019-15571 1 Clonos Project 1 Clonos 2019-09-03 7.5 HIGH 9.8 CRITICAL
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.
CVE-2019-15572 1 Cipsoft 1 Gesior-aac 2019-09-03 7.5 HIGH 9.8 CRITICAL
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php.
CVE-2019-15573 1 Cipsoft 1 Gesior-aac 2019-09-03 7.5 HIGH 9.8 CRITICAL
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.
CVE-2019-15574 1 Cipsoft 1 Gesior-aac 2019-09-03 7.5 HIGH 9.8 CRITICAL
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php.
CVE-2019-15558 1 Xm-online 1 Xm\^online 2 - Common Utils And Endpoints 2019-08-30 7.5 HIGH 9.8 CRITICAL
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
CVE-2019-15533 1 Xayr 1 Xenfcoresharp 2019-08-30 7.5 HIGH 9.8 CRITICAL
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.
CVE-2019-15658 1 Connect-pg-simple Project 1 Connect-pg-simple 2019-08-30 7.5 HIGH 7.3 HIGH
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
CVE-2019-15559 1 Hawn Project 1 Hawn 2019-08-29 7.5 HIGH 9.8 CRITICAL
DianoxDragon Hawn before 2019-07-10 allows SQL injection.
CVE-2019-15563 1 Ohdsi 1 Webapi 2019-08-29 7.5 HIGH 9.8 CRITICAL
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
CVE-2019-15570 1 Bedita 1 Bedita 2019-08-29 7.5 HIGH 9.8 CRITICAL
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
CVE-2019-15536 1 Youracclaim 1 Acclaim 2019-08-29 7.5 HIGH 9.8 CRITICAL
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
CVE-2015-9334 1 Email-newsletter Project 1 Email-newsletter 2019-08-29 7.5 HIGH 9.8 CRITICAL
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
CVE-2012-6719 1 Sharebar Project 1 Sharebar 2019-08-28 7.5 HIGH 9.8 CRITICAL
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
CVE-2019-15568 1 Idseq 1 Idseq-web 2019-08-28 7.5 HIGH 9.8 CRITICAL
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.