Total: 15371 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7003 | 1 Avaya | 1 Control Manager | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. | |||||
CVE-2019-7001 | 1 Avaya | 1 Ip Office Contact Center | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. | |||||
CVE-2019-6805 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. | |||||
CVE-2019-6798 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | |||||
CVE-2019-6708 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. | |||||
CVE-2019-6707 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. | |||||
CVE-2019-6691 | 1 Phpwind | 1 Phpwind | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. | |||||
CVE-2019-6658 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | |||||
CVE-2019-6523 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | |||||
CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
CVE-2019-6497 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. | |||||
CVE-2019-6491 | 1 Risi | 1 Gestao De Horarios | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | |||||
CVE-2019-6296 | 1 Skymoonlabs | 1 Cleanto | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. | |||||
CVE-2019-6295 | 1 Skymoonlabs | 1 Cleanto | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. | |||||
CVE-2019-6259 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | |||||
CVE-2019-6127 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. | |||||
CVE-2019-6012 | 1 Tms-outsource | 1 Wpdatatables Lite | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2019-5996 | 1 Panasonic | 1 Video Insight Vms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2019-5991 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2019-5934 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. |