Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12838 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | |||||
| CVE-2019-11768 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | |||||
| CVE-2019-11600 | 1 Openproject | 1 Openproject | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access. | |||||
| CVE-2019-11057 | 1 Vtiger | 1 Vtiger Crm | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. | |||||
| CVE-2019-10752 | 1 Sequelizejs | 1 Sequelize | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. | |||||
| CVE-2019-10748 | 1 Sequelizejs | 1 Sequelize | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. | |||||
| CVE-2019-1000023 | 1 Opt-net | 1 Ng-netms | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL injection vulnerability in the identified vulnerable parameters id, id_access_type and id_attr_access, which can allow a malicious attacker to include their own SQL commands that the database will execute. This attack appears to be exploitable via network connectivity. | |||||
| CVE-2018-9493 | 1 Google | 1 Android | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9.0. Android ID: A-111085900. | |||||
| CVE-2018-6494 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | |||||
| CVE-2018-6493 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | |||||
| CVE-2018-5384 | 1 Navarino | 1 Infinity | 2023-11-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited, the user can get information from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available with no authentication. | |||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | |||||
| CVE-2018-1292 | 1 Apache | 1 Fineract | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization by way of the 'reportName' parameter. | |||||
| CVE-2018-1291 | 1 Apache | 1 Fineract | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST endpoints to query domain-specific entities with a query parameter 'orderBy' which is appended directly to SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way as to read/update data for which he doesn't have authorization. | |||||
| CVE-2018-1290 | 1 Apache | 1 Fineract | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in methods like retrieveAuditEntries of the AuditsApiResource class and retrieveCommands of the MakercheckersApiResource class. | |||||
| CVE-2018-1289 | 1 Apache | 1 Fineract | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST endpoints to query domain-specific entities with the query parameters 'orderBy' and 'sortOrder', which are appended directly to SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameters in such a way as to read/update data for which he doesn't have authorization. | |||||
| CVE-2018-1282 | 1 Apache | 1 Hive | 2023-11-07 | 7.5 HIGH | 9.1 CRITICAL |
| This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that the JDBC driver does in its PreparedStatement implementation. | |||||
| CVE-2018-19553 | 1 Interspire | 1 Email Marketer | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. | |||||
| CVE-2018-19552 | 1 Interspire | 1 Email Marketer | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | |||||
| CVE-2018-19551 | 1 Interspire | 1 Email Marketer | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | |||||
