Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16119 | 1 10web | 1 Photo Gallery | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | |||||
| CVE-2021-44345 | 1 Wvti | 1 One Card Integrated Management System | 2023-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | |||||
| CVE-2020-22669 | 2 Debian, Owasp | 2 Debian Linux, Owasp Modsecurity Core Rule Set | 2023-02-16 | N/A | 9.8 CRITICAL |
| Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. | |||||
| CVE-2023-0771 | 1 Ampache | 1 Ampache | 2023-02-16 | N/A | 8.8 HIGH |
| SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. | |||||
| CVE-2013-2050 | 1 Redhat | 2 Cloudforms Management Engine, Manageiq Enterprise Virtualization Manager | 2023-02-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. | |||||
| CVE-2014-7814 | 1 Redhat | 1 Cloudforms 3.1 Management Engine | 2023-02-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |||||
| CVE-2014-0137 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2023-02-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | |||||
| CVE-2013-4386 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. | |||||
| CVE-2018-14623 | 1 Theforeman | 1 Katello | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable. | |||||
| CVE-2016-3072 | 2 Katello, Redhat | 3 Katello, Enterprise Linux, Satellite | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | |||||
| CVE-2023-22900 | 1 Thinkingsoftware | 1 Efence | 2023-02-07 | N/A | 9.8 CRITICAL |
| Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | |||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2023-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | |||||
| CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-02-06 | 6.5 MEDIUM | 8.8 HIGH |
| CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | |||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2023-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2023-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | |||||
| CVE-2020-13592 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13587 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13591 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2019-16980 | 1 Fusionpbx | 1 Fusionpbx | 2023-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | |||||
| CVE-2022-41142 | 1 Centreon | 1 Centreon | 2023-02-03 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304. | |||||