Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7065 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2019-02-05 | 6.5 MEDIUM | 7.2 HIGH |
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | |||||
CVE-2018-1000890 | 1 Frontaccounting | 1 Frontaccounting | 2019-01-30 | 5.0 MEDIUM | 7.5 HIGH |
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | |||||
CVE-2019-5720 | 1 Frontaccounting | 1 Frontaccounting | 2019-01-30 | 7.5 HIGH | 9.8 CRITICAL |
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. | |||||
CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
CVE-2019-6798 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | |||||
CVE-2019-6805 | 1 S-cms | 1 S-cms | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. | |||||
CVE-2019-6691 | 1 Phpwind | 1 Phpwind | 2019-01-25 | 6.5 MEDIUM | 7.2 HIGH |
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. | |||||
CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2019-01-23 | 7.5 HIGH | 9.8 CRITICAL |
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | |||||
CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2019-01-23 | 7.5 HIGH | 9.8 CRITICAL |
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | |||||
CVE-2019-6127 | 1 Xiaocms | 1 Xiaocms | 2019-01-23 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. | |||||
CVE-2019-6497 | 1 Hotels Server Project | 1 Hotels Server | 2019-01-23 | 7.5 HIGH | 9.8 CRITICAL |
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. | |||||
CVE-2018-20730 | 1 Nedi | 1 Nedi | 2019-01-22 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | |||||
CVE-2019-6295 | 1 Skymoonlabs | 1 Cleanto | 2019-01-18 | 7.5 HIGH | 9.8 CRITICAL |
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. | |||||
CVE-2019-6296 | 1 Skymoonlabs | 1 Cleanto | 2019-01-18 | 7.5 HIGH | 9.8 CRITICAL |
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. | |||||
CVE-2018-20719 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2019-01-18 | 6.5 MEDIUM | 8.8 HIGH |
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | |||||
CVE-2018-20713 | 1 Shopware | 1 Shopware | 2019-01-18 | 6.5 MEDIUM | 8.8 HIGH |
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | |||||
CVE-2019-5893 | 1 Nelson-it | 1 Open Source Erp | 2019-01-17 | 7.5 HIGH | 9.8 CRITICAL |
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. | |||||
CVE-2019-3494 | 1 Simply-blog Project | 1 Simply-blog | 2019-01-16 | 6.4 MEDIUM | 7.5 HIGH |
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter. | |||||
CVE-2019-6259 | 1 Icmsdev | 1 Icms | 2019-01-16 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | |||||
CVE-2018-19415 | 1 Plikli | 1 Plikli Cms | 2019-01-14 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php. |