Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10947 | 1 Post Indexer Project | 1 Post Indexer | 2019-09-13 | 6.5 MEDIUM | 7.2 HIGH |
| The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | |||||
| CVE-2019-5991 | 1 Cybozu | 1 Garoon | 2019-09-13 | 6.5 MEDIUM | 7.6 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2019-5996 | 1 Panasonic | 1 Video Insight Vms | 2019-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-18597 | 1 Jtrt Responsive Tables Project | 1 Jtrt Responsive Tables | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. | |||||
| CVE-2017-18602 | 1 Ibps Online Exam Project | 1 Ibps Online Exam | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. | |||||
| CVE-2019-10671 | 1 Librenms | 1 Librenms | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. | |||||
| CVE-2019-12465 | 1 Librenms | 1 Librenms | 2019-09-10 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. | |||||
| CVE-2015-9353 | 1 Tri | 1 Gigpress | 2019-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. | |||||
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| The liveforms plugin before 3.2.0 for WordPress has SQL injection. | |||||
| CVE-2019-13191 | 1 Mapsolutions | 1 Intramaps | 2019-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | |||||
| CVE-2019-15872 | 1 Wpbrigade | 1 Loginpress | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. | |||||
| CVE-2015-9344 | 1 Perafox | 1 Link Log | 2019-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| The link-log plugin before 2.1 for WordPress has SQL injection. | |||||
| CVE-2019-15569 | 1 Gov | 1 Ccd-data-store-api | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. | |||||
| CVE-2019-15555 | 1 Wellness Project | 1 Wellness | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. | |||||
| CVE-2019-15557 | 1 Xm-online | 1 Xm\^online 2 User Account And Authentication Server | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. | |||||
| CVE-2019-11363 | 1 Prophecyinternational | 1 Snare Central | 2019-09-03 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | |||||
| CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. | |||||
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. | |||||
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. | |||||
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | |||||