Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7867 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2019-07-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | |||||
CVE-2014-7868 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2019-07-15 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | |||||
CVE-2018-1252 | 1 Rsa | 1 Web Threat Detection | 2019-07-15 | 6.5 MEDIUM | 8.8 HIGH |
RSA Web Threat Detection versions prior to 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application. | |||||
CVE-2019-13027 | 1 Realization | 1 Concerto Critical Chain Planner | 2019-07-15 | 7.5 HIGH | 9.8 CRITICAL |
Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least the taskupdt/taskdetails.aspx webpage via the projectname parameter. | |||||
CVE-2019-13489 | 1 Trape Project | 1 Trape | 2019-07-14 | 7.5 HIGH | 9.8 CRITICAL |
Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | |||||
CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2019-07-14 | 7.5 HIGH | 9.8 CRITICAL |
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | |||||
CVE-2019-12723 | 1 Teclib-edition | 1 Fields | 2019-07-11 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | |||||
CVE-2019-10653 | 1 Hsycms | 1 Hsycms | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page. | |||||
CVE-2019-11512 | 1 Contao | 1 Contao | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. | |||||
CVE-2019-13275 | 1 Veronalabs | 1 Wp Statistics | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. | |||||
CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | |||||
CVE-2019-13292 | 1 Weberp | 1 Weberp | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. | |||||
CVE-2019-13375 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | |||||
CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | |||||
CVE-2015-5599 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2019-07-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. | |||||
CVE-2017-12977 | 1 10web | 1 Photo Gallery | 2019-07-08 | 6.5 MEDIUM | 7.2 HIGH |
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. | |||||
CVE-2015-1055 | 1 10web | 1 Photo Gallery | 2019-07-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php. | |||||
CVE-2015-1393 | 1 10web | 1 Photo Gallery | 2019-07-08 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. | |||||
CVE-2017-18346 | 1 Web-gooroo | 1 Cms Web-gooroo | 2019-07-05 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter. | |||||
CVE-2018-12250 | 1 Elitecms | 1 Elite Cms | 2019-07-05 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection. |