Total
14683 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13191 | 1 Mapsolutions | 1 Intramaps | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | |||||
| CVE-2019-13086 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | |||||
| CVE-2019-13079 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. | |||||
| CVE-2019-13078 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. | |||||
| CVE-2019-13076 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. | |||||
| CVE-2019-13027 | 1 Realization | 1 Concerto Critical Chain Planner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least in the taskupdt/taskdetails.aspx webpage via the projectname parameter. | |||||
| CVE-2019-13026 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. | |||||
| CVE-2019-12960 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | |||||
| CVE-2019-12946 | 1 Elcom | 1 Elcom Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. | |||||
| CVE-2019-12939 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | |||||
| CVE-2019-12918 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir]. | |||||
| CVE-2019-12872 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. | |||||
| CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | |||||
| CVE-2019-12838 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | |||||
| CVE-2019-12723 | 1 Teclib-edition | 1 Fields | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | |||||
| CVE-2019-12720 | 1 Auo | 1 Sunveillance Monitoring System \& Data Recorder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters. | |||||
| CVE-2019-12710 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system. | |||||
| CVE-2019-12619 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. | |||||
| CVE-2019-12601 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | |||||
| CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | |||||