Total
14695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | |||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | |||||
| CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | |||||
| CVE-2019-19094 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
| Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. | |||||
| CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19026 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19016 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database. | |||||
| CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | |||||
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | |||||
| CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | |||||
| CVE-2019-18663 | 1 Isl | 1 Arp-guard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2019-18662 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | |||||
| CVE-2019-18646 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | |||||
| CVE-2019-18622 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Backports Sle, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | |||||
| CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. | |||||
| CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2024-11-21 | 7.5 HIGH | 3.7 LOW |
| In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | |||||
| CVE-2019-18387 | 1 Hotel And Lodge Management System Project | 1 Hotel And Lodge Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | |||||
| CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | |||||
| CVE-2019-18234 | 1 Equinoxce | 1 Control Expert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2019-18229 | 1 Advantech | 1 Wise-paas\/rmm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | |||||