Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15659 | 1 Genetechsolutions | 1 Pie Register | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. | |||||
CVE-2015-9352 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The wp-polls plugin before 2.72 for WordPress has SQL injection. | |||||
CVE-2019-15646 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | |||||
CVE-2018-21004 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||
CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | |||||
CVE-2019-15565 | 1 Webimpacto | 1 Icommktconnector | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. | |||||
CVE-2019-15567 | 1 Openforis | 1 Arena | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. | |||||
CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | |||||
CVE-2019-15556 | 1 Social Network Project | 1 Social Network | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. | |||||
CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. | |||||
CVE-2019-14234 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | |||||
CVE-2019-15566 | 1 Alfresco | 1 Alfresco | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. | |||||
CVE-2019-15564 | 1 Compassionuk | 1 Compassion Switzerland | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. | |||||
CVE-2019-10687 | 1 Kbpublisher | 1 Kbpublisher | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. | |||||
CVE-2019-14937 | 1 Vanderbilt | 1 Redcap | 2019-08-27 | 6.0 MEDIUM | 7.5 HIGH |
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. | |||||
CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | |||||
CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-08-26 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | |||||
CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-08-26 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||