Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2016-11018 | 1 Huge-it | 1 Image Gallery | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().
CVE-2020-8592 | 1 Eginnovations | 1 Eg Manager | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL | eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).
CVE-2014-3119 | 1 Web2project | 1 Web2project | 2020-02-05 | 6.5 MEDIUM | 8.8 HIGH | Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php, or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
CVE-2014-3719 | 1 Exlibrisgroup | 1 Aleph 500 | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.
CVE-2018-5960 | 1 Tribalsystems | 1 Zenario | 2020-02-03 | 6.5 MEDIUM | 8.8 HIGH | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
CVE-2014-3868 | 1 Zeuscart | 1 Zeuscart | 2020-02-03 | 6.5 MEDIUM | 8.8 HIGH | Multiple SQL injection vulnerabilities in ZeusCart 4.x.
CVE-2015-0244 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
CVE-2012-4383 | 1 Contao | 1 Contao | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH | Contao prior to 2.11.4 has an SQL injection vulnerability.
CVE-2014-1925 | 1 Koha | 1 Koha | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.
CVE-2020-3719 | 1 Magento | 1 Magento | 2020-01-30 | 7.8 HIGH | 7.5 HIGH | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2014-1924 | 1 Koha | 1 Koha | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2012-5698 | 1 Babygekko | 1 Babygekko | 2020-01-29 | 6.8 MEDIUM | 8.8 HIGH | BabyGekko before 1.2.4 has SQL injection.
CVE-2019-12619 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2020-01-29 | 4.0 MEDIUM | 6.5 MEDIUM | A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
CVE-2020-7981 | 1 Rubygeocoder | 1 Geocoder | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL | sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVE-2020-7939 | 1 Plone | 1 Plone | 2020-01-24 | 6.5 MEDIUM | 8.8 HIGH | SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
CVE-2012-1259 | 1 Plixer | 1 Scrutinizer Netflow & Sflow Analyzer | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php, as demonstrated by the search_str parameter.
CVE-2011-2715 | 1 Drupal | 2 Data, Drupal | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
CVE-2011-4094 | 1 Jara Project | 1 Jara | 2020-01-23 | 7.5 HIGH | 9.8 CRITICAL | Jara 1.6 has a SQL injection vulnerability.
CVE-2005-4891 | 1 Simplemachines | 1 Simple Machine Forum | 2020-01-21 | 7.5 HIGH | 9.8 CRITICAL | Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
CVE-2018-16803 | 1 Cimtechniques | 1 Cimscan | 2020-01-16 | 10.0 HIGH | 9.8 CRITICAL | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.