Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10232 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2019-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | |||||
| CVE-2019-6491 | 1 Risi | 1 Gestao De Horarios | 2019-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | |||||
| CVE-2019-9083 | 1 Sqlitemanager | 1 Sqlitemanager | 2019-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-5722 | 1 Portier | 1 Portier | 2019-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | |||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2019-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | |||||
| CVE-2017-17721 | 1 Zuuse | 1 Beims Contractorweb .net | 2019-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | |||||
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2019-03-19 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | |||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||||
| CVE-2017-6576 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id. | |||||
| CVE-2017-6575 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. | |||||
| CVE-2017-6574 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-6573 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||||
| CVE-2017-6572 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-6571 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id. | |||||
| CVE-2017-6570 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. | |||||
| CVE-2017-5346 | 1 Genixcms | 1 Genixcms | 2019-03-15 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | |||||
| CVE-2019-9762 | 1 Phpshe | 1 Phpshe | 2019-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. | |||||
| CVE-2015-4592 | 1 Eclinicalworks | 1 Population Health | 2019-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | |||||
| CVE-2017-6097 | 1 Mail-masta Project | 1 Mail-masta | 2019-03-13 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id. | |||||