Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11614 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11613 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2019-11600 | 1 Openproject | 1 Openproject | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access. | |||||
| CVE-2019-11567 | 1 Aikcms | 1 Aikcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | |||||
| CVE-2019-11518 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete. | |||||
| CVE-2019-11512 | 1 Contao | 1 Contao | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. | |||||
| CVE-2019-11469 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature. | |||||
| CVE-2019-11452 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. | |||||
| CVE-2019-11451 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| whatsns 4.0 allows index.php?inform/add.html qid SQL injection. | |||||
| CVE-2019-11450 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | |||||
| CVE-2019-11448 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file. | |||||
| CVE-2019-11363 | 1 Prophecyinternational | 1 Snare Central | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | |||||
| CVE-2019-11362 | 1 Rocboss | 1 Rocboss | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. | |||||
| CVE-2019-11196 | 1 Vpcsbd | 1 Integrated University Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings). | |||||
| CVE-2019-11057 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. | |||||
| CVE-2019-10916 | 1 Siemens | 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc \(tia Portal\) and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-10913 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation. | |||||
| CVE-2019-10910 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. | |||||
| CVE-2019-10866 | 1 10web | 1 Form Maker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter. | |||||
| CVE-2019-10852 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | |||||