Total
14736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9626 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. | |||||
| CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | |||||
| CVE-2019-9594 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. | |||||
| CVE-2019-9568 | 1 Incsub | 1 Forminator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | |||||
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | |||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2019-9184 | 1 J2store | 1 J2store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||||
| CVE-2019-9087 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | |||||
| CVE-2019-9086 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | |||||
| CVE-2019-9083 | 1 Sqlitemanager | 1 Sqlitemanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2019-9047 | 1 Fizzday | 1 Gorose | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | |||||
| CVE-2019-9039 | 1 Couchbase | 1 Sync Gateway | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external access to this REST endpoint has been blocked to mitigate this issue. This issue has been fixed in versions 2.5.0 and 2.1.3. | |||||
| CVE-2019-8979 | 1 Kohanaframework | 1 Kohana | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | |||||
| CVE-2019-8923 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-8600 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution. | |||||
| CVE-2019-8429 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | |||||
| CVE-2019-8428 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | |||||
| CVE-2019-8424 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | |||||