Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2019-9184 | 1 J2store | 1 J2store | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-24 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2019-11362 | 1 Rocboss | 1 Rocboss | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. | |||||
| CVE-2019-11452 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. | |||||
| CVE-2019-11451 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?inform/add.html qid SQL injection. | |||||
| CVE-2019-11450 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | |||||
| CVE-2011-4734 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files. | |||||
| CVE-2011-4725 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2019-04-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files. | |||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-18018 | 1 Tribulant | 1 Slideshow Gallery | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | |||||
| CVE-2019-8979 | 1 Kohanaframework | 1 Kohana | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | |||||
| CVE-2019-5715 | 1 Silverstripe | 1 Silverstripe | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. | |||||
| CVE-2019-3792 | 1 Pivotal Software | 1 Concourse | 2019-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | |||||
| CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| MKCMS V5.0 has SQL injection via the bplay.php play parameter. | |||||
| CVE-2019-10708 | 1 S-cms | 1 S-cms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | |||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | |||||
| CVE-2019-10663 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2019-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | |||||
| CVE-2019-10262 | 1 Bluecms Project | 1 Bluecms | 2019-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | |||||