Vulnerabilities (CVE)

Filtered by CWE-89
Total 15371 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7003 1 Avaya 1 Control Manager 2024-11-21 6.4 MEDIUM 10.0 CRITICAL
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
CVE-2019-7001 1 Avaya 1 Ip Office Contact Center 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.
CVE-2019-6805 1 S-cms 1 S-cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
CVE-2019-6798 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
CVE-2019-6708 1 Phpshe 1 Phpshe 2024-11-21 6.5 MEDIUM 7.2 HIGH
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
CVE-2019-6707 1 Phpshe 1 Phpshe 2024-11-21 6.5 MEDIUM 7.2 HIGH
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
CVE-2019-6691 1 Phpwind 1 Phpwind 2024-11-21 6.5 MEDIUM 7.2 HIGH
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.
CVE-2019-6658 1 F5 1 Big-ip Advanced Firewall Manager 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.
CVE-2019-6523 1 Advantech 1 Webaccess\/scada 2024-11-21 7.5 HIGH 9.8 CRITICAL
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVE-2019-6506 1 Salesagility 1 Suitecrm 2024-11-21 7.5 HIGH 9.8 CRITICAL
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
CVE-2019-6497 1 Hotels Server Project 1 Hotels Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2019-6491 1 Risi 1 Gestao De Horarios 2024-11-21 6.5 MEDIUM 8.8 HIGH
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
CVE-2019-6296 1 Skymoonlabs 1 Cleanto 2024-11-21 7.5 HIGH 9.8 CRITICAL
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
CVE-2019-6295 1 Skymoonlabs 1 Cleanto 2024-11-21 7.5 HIGH 9.8 CRITICAL
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
CVE-2019-6259 1 Icmsdev 1 Icms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVE-2019-6127 1 Xiaocms 1 Xiaocms 2024-11-21 6.5 MEDIUM 7.2 HIGH
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.
CVE-2019-6012 1 Tms-outsource 1 Wpdatatables Lite 2024-11-21 6.5 MEDIUM 7.2 HIGH
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5996 1 Panasonic 1 Video Insight Vms 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5991 1 Cybozu 1 Garoon 2024-11-21 6.5 MEDIUM 7.6 HIGH
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5934 1 Cybozu 1 Garoon 2024-11-21 6.5 MEDIUM 7.2 HIGH
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.