Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9626 | 1 Phpshe | 1 Phpshe | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. | |||||
| CVE-2018-18450 | 1 Pbootcms | 1 Pbootcms | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | |||||
| CVE-2019-9594 | 1 Bluecms Project | 1 Bluecms | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. | |||||
| CVE-2018-6329 | 1 Unitrends | 1 Backup | 2019-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. | |||||
| CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | |||||
| CVE-2018-8734 | 1 Nagios | 1 Nagios Xi | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | |||||
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | |||||
| CVE-2018-7033 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2019-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | |||||
| CVE-2018-8057 | 1 Westernbridgegroup | 1 Razor | 2019-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | |||||
| CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
| CVE-2019-9047 | 1 Fizzday | 1 Gorose | 2019-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | |||||
| CVE-2016-1000271 | 1 Dthdevelopment | 1 Dt Register | 2019-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. | |||||
| CVE-2017-18362 | 1 Connectwise | 1 Manageditsync | 2019-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication. | |||||
| CVE-2019-8421 | 1 Bagesoft | 1 Bagecms | 2019-02-20 | 6.5 MEDIUM | 7.2 HIGH |
| upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | |||||
| CVE-2019-8393 | 1 Hotels Server Project | 1 Hotels Server | 2019-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. | |||||
| CVE-2019-8360 | 1 Themerig | 1 Find A Place Cms Directory | 2019-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | |||||
| CVE-2019-8422 | 1 Pbootcms | 1 Pbootcms | 2019-02-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | |||||
| CVE-2019-8423 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | |||||
| CVE-2019-8424 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | |||||
| CVE-2019-8428 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | |||||