Total
14669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12353 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | |||||
| CVE-2019-12352 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. | |||||
| CVE-2019-12351 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | |||||
| CVE-2019-12350 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | |||||
| CVE-2019-12349 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | |||||
| CVE-2019-12348 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. | |||||
| CVE-2019-12279 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck | |||||
| CVE-2019-12251 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | |||||
| CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | |||||
| CVE-2019-12196 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | |||||
| CVE-2019-12193 | 1 H3c | 1 H3cloud Os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. | |||||
| CVE-2019-12149 | 1 Silverstripe | 2 Registry, Restfulserver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2019-11984 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11979 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11978 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11977 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11976 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11975 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11974 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11973 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||