Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | |||||
| CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | |||||
| CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2019-09-20 | 6.5 MEDIUM | 7.2 HIGH |
| The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | |||||
| CVE-2019-16644 | 1 Tuzicms | 1 Tuzicms | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | |||||
| CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | |||||
| CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | |||||
| CVE-2019-16642 | 1 Yejiao | 1 Tuzicms | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | |||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2019-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | |||||
| CVE-2019-16264 | 1 Egpp | 1 Sistema Integrado De Gestion Academica | 2019-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. | |||||
| CVE-2018-15873 | 1 Sapplica | 1 Sentrifugo | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | |||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | |||||
| CVE-2016-10951 | 1 Firestormplugins | 1 Fs-shopping-cart | 2019-09-16 | 6.5 MEDIUM | 7.2 HIGH |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | |||||
| CVE-2019-16309 | 1 Flamecms Project | 1 Flamecms | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. | |||||
| CVE-2016-10950 | 1 Sirv | 1 Sirv | 2019-09-16 | 6.5 MEDIUM | 8.8 HIGH |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2017-18614 | 1 Wp-kama | 1 Kama Click Counter | 2019-09-16 | 9.3 HIGH | 8.1 HIGH |
| The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | |||||
| CVE-2016-10942 | 1 Podlove | 1 Podlove Podcast Publisher | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | |||||
| CVE-2016-10940 | 1 Zm-gallery Project | 1 Zm-gallery | 2019-09-13 | 6.5 MEDIUM | 7.2 HIGH |
| The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | |||||
| CVE-2016-10943 | 1 Zx-csv-upload Project | 1 Zx-csv-upload | 2019-09-13 | 6.5 MEDIUM | 7.2 HIGH |
| The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10939 | 1 Xtremelocator | 1 Xtremelocator | 2019-09-13 | 6.5 MEDIUM | 7.2 HIGH |
| The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | |||||
