Total
14695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17647 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | |||||
| CVE-2019-17612 | 1 74cms | 1 74cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. | |||||
| CVE-2019-17602 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. | |||||
| CVE-2019-17580 | 1 Dormsystem Project | 1 Dormsystem | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| tonyy dormsystem through 1.3 allows SQL Injection in admin.php. | |||||
| CVE-2019-17553 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. | |||||
| CVE-2019-17552 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. | |||||
| CVE-2019-17527 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. | |||||
| CVE-2019-17429 | 1 Adhouma Cms Project | 1 Adhouma Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. | |||||
| CVE-2019-17419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. | |||||
| CVE-2019-17418 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. | |||||
| CVE-2019-17370 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file. | |||||
| CVE-2019-17357 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. | |||||
| CVE-2019-17319 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. | |||||
| CVE-2019-17318 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. | |||||
| CVE-2019-17298 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. | |||||
| CVE-2019-17297 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. | |||||
| CVE-2019-17296 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. | |||||
| CVE-2019-17295 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. | |||||
| CVE-2019-17294 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. | |||||
| CVE-2019-17293 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. | |||||