Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9352 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-polls plugin before 2.72 for WordPress has SQL injection. | |||||
| CVE-2019-15646 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | |||||
| CVE-2018-21004 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||
| CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | |||||
| CVE-2019-15565 | 1 Webimpacto | 1 Icommktconnector | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. | |||||
| CVE-2019-15567 | 1 Openforis | 1 Arena | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. | |||||
| CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | |||||
| CVE-2019-15556 | 1 Social Network Project | 1 Social Network | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. | |||||
| CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. | |||||
| CVE-2019-15566 | 1 Alfresco | 1 Alfresco | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. | |||||
| CVE-2019-15564 | 1 Compassionuk | 1 Compassion Switzerland | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. | |||||
| CVE-2019-10687 | 1 Kbpublisher | 1 Kbpublisher | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. | |||||
| CVE-2019-14937 | 1 Vanderbilt | 1 Redcap | 2019-08-27 | 6.0 MEDIUM | 7.5 HIGH |
| REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. | |||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | |||||
| CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-08-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
| CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | |||||
| CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-08-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
| CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||
| CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | |||||
| CVE-2017-18573 | 1 Simplerealtytheme | 1 Simple Login Log | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. | |||||