Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13569 | 1 Icegram | 1 Email Subscribers & Newsletters | 2019-07-31 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2015-1560 | 1 Centreon | 1 Centreon | 2019-07-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. | |||||
| CVE-2014-3828 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2019-07-30 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/. | |||||
| CVE-2018-19312 | 1 Centreon | 1 Centreon | 2019-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | |||||
| CVE-2018-19281 | 1 Centreon | 1 Centreon | 2019-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | |||||
| CVE-2018-19271 | 1 Centreon | 1 Centreon | 2019-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | |||||
| CVE-2019-1010191 | 1 Marginalia Project | 1 Marginalia | 2019-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| marginalia < 1.6 is affected by: SQL Injection. The impact is: The impact is an injection of any SQL queries when a user controller argument is added as a component. The component is: Affects users that add a component that is user controller, for instance a parameter or a header. The attack vector is: Hacker inputs a SQL to a vulnerable vector (header, http parameter, etc). The fixed version is: 1.6. | |||||
| CVE-2019-14266 | 1 Opensns | 1 Opensns | 2019-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. | |||||
| CVE-2012-5967 | 1 Merethis | 1 Centreon | 2019-07-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | |||||
| CVE-2019-12193 | 1 H3c | 1 H3cloud Os | 2019-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. | |||||
| CVE-2019-13978 | 1 Ovidentia | 1 Ovidentia | 2019-07-27 | 6.5 MEDIUM | 8.8 HIGH |
| Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | |||||
| CVE-2019-1010201 | 1 Jeesite | 1 Jeesite | 2019-07-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity, authenticated. The fixed version is: 4.0 and later. | |||||
| CVE-2019-1010153 | 1 Zzcms | 1 Zzcms | 2019-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php. | |||||
| CVE-2019-1010148 | 1 Zzcms | 1 Zzcms | 2019-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution. | |||||
| CVE-2019-1010248 | 1 I-doit | 1 I-doit | 2019-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1. | |||||
| CVE-2019-14231 | 1 Onionbuzz | 1 Onionbuzz | 2019-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | |||||
| CVE-2019-14230 | 1 Onionbuzz | 1 Onionbuzz | 2019-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | |||||
| CVE-2019-1010104 | 1 Techytalk | 1 Quick Chat | 2019-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request. | |||||
| CVE-2019-12946 | 1 Elcom | 1 Elcom Cms | 2019-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. | |||||
| CVE-2019-13969 | 1 Metinfo | 1 Metinfo | 2019-07-19 | 6.5 MEDIUM | 8.8 HIGH |
| Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | |||||
