Total
14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8783 | 1 Salesagility | 1 Suitecrm | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | |||||
CVE-2020-10218 | 1 Sapplica | 1 Sentrifugo | 2020-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | |||||
CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2020-03-17 | 7.5 HIGH | 9.8 CRITICAL |
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | |||||
CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2020-03-12 | 5.0 MEDIUM | 7.5 HIGH |
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | |||||
CVE-2020-10220 | 1 Rconfig | 1 Rconfig | 2020-03-12 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | |||||
CVE-2018-6363 | 1 Taskrabbit Clone Project | 1 Taskrabbit Clone | 2020-03-11 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | |||||
CVE-2020-0060 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143229845 | |||||
CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | |||||
CVE-2020-10190 | 1 Munkireport Project | 1 Munkireport | 2020-03-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. | |||||
CVE-2015-7340 | 1 Gwesystems | 1 Jevents | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. | |||||
CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | |||||
CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2020-03-10 | 10.0 HIGH | 9.8 CRITICAL |
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | |||||
CVE-2015-7342 | 1 Joobi | 1 Jnews | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | |||||
CVE-2019-17647 | 1 Centreon | 1 Centreon | 2020-03-07 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | |||||
CVE-2019-20107 | 1 Testlink | 1 Testlink | 2020-03-07 | 6.5 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account that can execute this attack can be created by anyone in the default configuration. | |||||
CVE-2020-10106 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2020-03-06 | 7.5 HIGH | 9.8 CRITICAL |
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows dumping the MySQL database and bypassing the login prompt. | |||||
CVE-2019-19607 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
CVE-2019-19608 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
CVE-2018-16356 | 1 Pbootcms | 1 Pbootcms | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. | |||||
CVE-2018-16357 | 1 Pbootcms | 1 Pbootcms | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. |