Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16745 | 1 Ebrigade | 1 Ebrigade | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. | |||||
| CVE-2018-17092 | 1 I4a | 1 Donlinkage | 2019-10-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. | |||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2. In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | |||||
| CVE-2018-3783 | 1 Flintcms | 1 Flintcms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. | |||||
| CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||||
| CVE-2017-1002004 | 1 Dtracker Project | 1 Dtracker | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | |||||
| CVE-2017-3549 | 1 Oracle | 1 Scripting | 2019-10-03 | 7.5 HIGH | 9.1 CRITICAL |
| Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2018-8733 | 1 Nagios | 1 Nagios Xi | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | |||||
| CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. | |||||
| CVE-2019-16743 | 1 Ebrigade | 1 Ebrigade | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | |||||
| CVE-2019-16692 | 1 Phpipam | 1 Phpipam | 2019-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | |||||
| CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2019-09-26 | 6.5 MEDIUM | 8.8 HIGH |
| The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | |||||
| CVE-2018-17232 | 1 Slack Archivebot Project | 1 Slack Archivebot | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). | |||||
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2019-09-26 | 6.5 MEDIUM | 7.2 HIGH |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | |||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2019-09-26 | 6.5 MEDIUM | 8.8 HIGH |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | |||||
| CVE-2018-5989 | 1 Chillcreations | 1 Ccnewsletter | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||
| CVE-2019-16696 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | |||||
| CVE-2019-16695 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | |||||
| CVE-2019-16694 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | |||||
