Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7765 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-14 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. | |||||
| CVE-2018-12295 | 1 Seagate | 1 Nas Os | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | |||||
| CVE-2017-12759 | 1 Ynetinteractive | 1 Soa School Management | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote). | |||||
| CVE-2017-12757 | 1 Ambittechnologies | 12 Itech B2b Script, Itech Business Networking Script, Itech Caregiver Script and 9 more | 2019-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote). | |||||
| CVE-2017-12761 | 1 Webfile Explorer Project | 1 Webfile Explorer | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php. | |||||
| CVE-2017-12758 | 1 Joomlaextensions | 1 Component Appointment | 2019-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component. | |||||
| CVE-2018-20556 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | |||||
| CVE-2019-11448 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file. | |||||
| CVE-2019-11678 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | |||||
| CVE-2018-14874 | 1 Polarisft | 1 Intellect Core Banking | 2019-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. | |||||
| CVE-2019-10664 | 1 Domoticz | 1 Domoticz | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | |||||
| CVE-2019-11614 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11620 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre. | |||||
| CVE-2019-11621 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11622 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre. | |||||
| CVE-2019-11623 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11625 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11613 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11619 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11567 | 1 Aikcms | 1 Aikcms | 2019-04-29 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | |||||