Total
14685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
| CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
| CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | |||||
| CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | |||||
| CVE-2019-14968 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. | |||||
| CVE-2019-14966 | 1 Frappe | 1 Frappe | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. | |||||
| CVE-2019-14937 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. | |||||
| CVE-2019-14900 | 3 Hibernate, Quarkus, Redhat | 11 Hibernate Orm, Quarkus, Build Of Quarkus and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. | |||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | |||||
| CVE-2019-14754 | 1 Open-school | 1 Open-school | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. | |||||
| CVE-2019-14702 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. | |||||
| CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | |||||
| CVE-2019-14529 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | |||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | |||||
| CVE-2019-14348 | 1 Beardev | 1 Joomsport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | |||||
| CVE-2019-14314 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | |||||
| CVE-2019-14313 | 1 10web | 1 Photo Gallery | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | |||||
| CVE-2019-14266 | 1 Opensns | 1 Opensns | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. | |||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | |||||
| CVE-2019-14234 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | |||||