Vulnerabilities (CVE)

Filtered by CWE-89
Total 15388 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15659 1 Genetechsolutions 1 Pie Register 2024-11-21 7.5 HIGH 9.8 CRITICAL
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.
CVE-2019-15658 1 Connect-pg-simple Project 1 Connect-pg-simple 2024-11-21 7.5 HIGH 7.3 HIGH
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
CVE-2019-15646 1 Carrcommunications 1 Rsvpmaker 2024-11-21 7.5 HIGH 9.8 CRITICAL
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
CVE-2019-15622 1 Nextcloud 1 Nextcloud 2024-11-21 2.1 LOW 2.4 LOW
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
CVE-2019-15574 1 Cipsoft 1 Gesior-aac 2024-11-21 7.5 HIGH 9.8 CRITICAL
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php.
CVE-2019-15573 1 Cipsoft 1 Gesior-aac 2024-11-21 7.5 HIGH 9.8 CRITICAL
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.
CVE-2019-15572 1 Cipsoft 1 Gesior-aac 2024-11-21 7.5 HIGH 9.8 CRITICAL
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php.
CVE-2019-15571 1 Clonos Project 1 Clonos 2024-11-21 7.5 HIGH 9.8 CRITICAL
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.
CVE-2019-15570 1 Bedita 1 Bedita 2024-11-21 7.5 HIGH 9.8 CRITICAL
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
CVE-2019-15569 1 Gov 1 Ccd-data-store-api 2024-11-21 7.5 HIGH 9.8 CRITICAL
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.
CVE-2019-15568 1 Idseq 1 Idseq-web 2024-11-21 7.5 HIGH 9.8 CRITICAL
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.
CVE-2019-15567 1 Openforis 1 Arena 2024-11-21 7.5 HIGH 9.8 CRITICAL
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.
CVE-2019-15566 1 Alfresco 1 Alfresco 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
CVE-2019-15565 1 Webimpacto 1 Icommktconnector 2024-11-21 7.5 HIGH 9.8 CRITICAL
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.
CVE-2019-15564 1 Compassionuk 1 Compassion Switzerland 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.
CVE-2019-15563 1 Ohdsi 1 Webapi 2024-11-21 7.5 HIGH 9.8 CRITICAL
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
CVE-2019-15562 1 Gorm 1 Gorm 2024-11-21 7.5 HIGH 9.8 CRITICAL
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
CVE-2019-15561 1 Flashlingo Project 1 Flashlingo 2024-11-21 7.5 HIGH 9.8 CRITICAL
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.
CVE-2019-15560 1 Reviews Module Project 1 Reviews Module 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
CVE-2019-15559 1 Hawn Project 1 Hawn 2024-11-21 7.5 HIGH 9.8 CRITICAL
DianoxDragon Hawn before 2019-07-10 allows SQL injection.