Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | |||||
| CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. | |||||
| CVE-2019-6658 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2019-11-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | |||||
| CVE-2019-18663 | 1 Isl | 1 Arp-guard | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2018-16659 | 1 Rausoft | 1 Id.prove | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation. | |||||
| CVE-2010-3662 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | |||||
| CVE-2013-2738 | 1 Readymedia Project | 1 Readymedia | 2019-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| minidlna has SQL Injection that may allow retrieval of arbitrary files | |||||
| CVE-2009-4899 | 1 Pixelpost | 1 Pixelpost | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| pixelpost 1.7.1 has SQL injection | |||||
| CVE-2019-10762 | 1 Medoo | 1 Medoo | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. | |||||
| CVE-2019-10749 | 1 Sequelizejs | 1 Sequelize | 2019-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. | |||||
| CVE-2015-0270 | 1 Zend | 1 Framework | 2019-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | |||||
| CVE-2019-12516 | 1 Slickquiz Project | 1 Slickquiz | 2019-10-29 | 6.5 MEDIUM | 8.8 HIGH |
| The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. | |||||
| CVE-2019-18387 | 1 Hotel And Lodge Management System Project | 1 Hotel And Lodge Management System | 2019-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | |||||
| CVE-2015-9496 | 1 Freshmail | 1 Freshmail-newsletter | 2019-10-24 | 6.5 MEDIUM | 8.8 HIGH |
| The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. | |||||
| CVE-2019-17119 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter. | |||||
| CVE-2019-16917 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function. | |||||
| CVE-2014-2311 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2736 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php. | |||||
| CVE-2019-17117 | 1 Wikidsystems | 1 2fa Enterprise Server | 2019-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter. | |||||
| CVE-2019-16404 | 1 Open-emr | 1 Openemr | 2019-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter. | |||||