Total
14669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11972 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11971 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11970 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11880 | 1 Commsy | 1 Commsy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2. | |||||
| CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | |||||
| CVE-2019-11768 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | |||||
| CVE-2019-11678 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | |||||
| CVE-2019-11625 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11623 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11622 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre. | |||||
| CVE-2019-11621 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11620 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre. | |||||
| CVE-2019-11619 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11614 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11613 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11600 | 1 Openproject | 1 Openproject | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access. | |||||
| CVE-2019-11567 | 1 Aikcms | 1 Aikcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | |||||
| CVE-2019-11518 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete. | |||||
| CVE-2019-11512 | 1 Contao | 1 Contao | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. | |||||
| CVE-2019-11469 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature. | |||||