Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2019-13570 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. | |||||
| CVE-2019-13569 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | |||||
| CVE-2019-13489 | 1 Trape Project | 1 Trape | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | |||||
| CVE-2019-13462 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | |||||
| CVE-2019-13447 | 1 Sertek | 1 Xpare | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection. | |||||
| CVE-2019-13413 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. | |||||
| CVE-2019-13409 | 1 Topmeeting | 1 Topmeeting | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password. | |||||
| CVE-2019-13375 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | |||||
| CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | |||||
| CVE-2019-13292 | 1 Weberp | 1 Weberp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. | |||||
| CVE-2019-13275 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. | |||||
| CVE-2019-13191 | 1 Mapsolutions | 1 Intramaps | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | |||||
| CVE-2019-13086 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | |||||
| CVE-2019-13079 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. | |||||
| CVE-2019-13078 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. | |||||
| CVE-2019-13076 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. | |||||
| CVE-2019-13027 | 1 Realization | 1 Concerto Critical Chain Planner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least in the taskupdt/taskdetails.aspx webpage via the projectname parameter. | |||||
| CVE-2019-13026 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. | |||||