Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 14685 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15567 1 Openforis 1 Arena 2024-11-21 7.5 HIGH 9.8 CRITICAL
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.
CVE-2019-15566 1 Alfresco 1 Alfresco 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
CVE-2019-15565 1 Webimpacto 1 Icommktconnector 2024-11-21 7.5 HIGH 9.8 CRITICAL
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.
CVE-2019-15564 1 Compassionuk 1 Compassion Switzerland 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.
CVE-2019-15563 1 Ohdsi 1 Webapi 2024-11-21 7.5 HIGH 9.8 CRITICAL
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
CVE-2019-15562 1 Gorm 1 Gorm 2024-11-21 7.5 HIGH 9.8 CRITICAL
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
CVE-2019-15561 1 Flashlingo Project 1 Flashlingo 2024-11-21 7.5 HIGH 9.8 CRITICAL
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.
CVE-2019-15560 1 Reviews Module Project 1 Reviews Module 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
CVE-2019-15559 1 Hawn Project 1 Hawn 2024-11-21 7.5 HIGH 9.8 CRITICAL
DianoxDragon Hawn before 2019-07-10 allows SQL injection.
CVE-2019-15558 1 Xm-online 1 Xm\^online 2 - Common Utils And Endpoints 2024-11-21 7.5 HIGH 9.8 CRITICAL
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
CVE-2019-15557 1 Xm-online 1 Xm\^online 2 User Account And Authentication Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
CVE-2019-15556 1 Social Network Project 1 Social Network 2024-11-21 7.5 HIGH 9.8 CRITICAL
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.
CVE-2019-15555 1 Wellness Project 1 Wellness 2024-11-21 7.5 HIGH 9.8 CRITICAL
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
CVE-2019-15537 1 Cesnet 1 Proxystatistics 2024-11-21 7.5 HIGH 9.8 CRITICAL
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
CVE-2019-15536 1 Youracclaim 1 Acclaim 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
CVE-2019-15535 1 Hostosm 1 Tasking Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
CVE-2019-15534 1 Raml-module-builder Project 1 Raml-module-builder 2024-11-21 7.5 HIGH 9.8 CRITICAL
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
CVE-2019-15533 1 Xayr 1 Xenfcoresharp 2024-11-21 7.5 HIGH 9.8 CRITICAL
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.
CVE-2019-15301 1 Terrasoft 1 Bpm Online Crm System Sdk 2024-11-21 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
CVE-2019-15300 1 Centreon 1 Centreon Web 2024-11-21 6.5 MEDIUM 8.8 HIGH
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.