Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| MKCMS V5.0 has SQL injection via the bplay.php play parameter. | |||||
| CVE-2019-10708 | 1 S-cms | 1 S-cms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | |||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | |||||
| CVE-2019-10663 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2019-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | |||||
| CVE-2019-10262 | 1 Bluecms Project | 1 Bluecms | 2019-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | |||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2019-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | |||||
| CVE-2018-6330 | 1 Laravel | 1 Framework | 2019-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | |||||
| CVE-2018-18798 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2019-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view. | |||||
| CVE-2019-10232 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2019-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | |||||
| CVE-2019-6491 | 1 Risi | 1 Gestao De Horarios | 2019-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | |||||
| CVE-2019-9083 | 1 Sqlitemanager | 1 Sqlitemanager | 2019-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-5722 | 1 Portier | 1 Portier | 2019-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | |||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2019-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | |||||
| CVE-2017-17721 | 1 Zuuse | 1 Beims Contractorweb .net | 2019-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | |||||
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2019-03-19 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | |||||
| CVE-2017-6576 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id. | |||||
| CVE-2017-6575 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. | |||||
| CVE-2017-6574 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||||