Total: 14659 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10910 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. | |||||
CVE-2019-10866 | 1 10web | 1 Form Maker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter. | |||||
CVE-2019-10852 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | |||||
CVE-2019-10766 | 1 Pixie Project | 1 Pixie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. | |||||
CVE-2019-10763 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead to data leakage. The vulnerability can be exploited via the 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload that triggers a time-based or error-based SQL injection. | |||||
CVE-2019-10762 | 1 Medoo | 1 Medoo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. | |||||
CVE-2019-10757 | 1 Knexjs | 1 Knex | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
knex.js versions before 0.19.5 are vulnerable to a SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. | |||||
CVE-2019-10752 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. | |||||
CVE-2019-10749 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. | |||||
CVE-2019-10748 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. | |||||
CVE-2019-10708 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | |||||
CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MKCMS V5.0 has SQL injection via the bplay.php play parameter. | |||||
CVE-2019-10692 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. | |||||
CVE-2019-10687 | 1 Kbpublisher | 1 Kbpublisher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. | |||||
CVE-2019-10671 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. | |||||
CVE-2019-10664 | 1 Domoticz | 1 Domoticz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | |||||
CVE-2019-10663 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream UCM6204 devices before 1.0.19.20 allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | |||||
CVE-2019-10653 | 1 Hsycms | 1 Hsycms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page. | |||||
CVE-2019-10262 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is concatenated directly into the query in uploads/admin/ad.php in the admin folder and is not wrapped in single quotes, so the escaping performed by magic quotes does not prevent injection. | |||||
CVE-2019-10232 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | |||||