Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. |
CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2024-11-21 | 7.5 HIGH | 3.7 LOW | In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. |
CVE-2019-18387 | 1 Hotel And Lodge Management System Project | 1 Hotel And Lodge Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. |
CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). |
CVE-2019-18234 | 1 Equinoxce | 1 Control Expert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code. |
CVE-2019-18229 | 1 Advantech | 1 Wise-paas/rmm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. |
CVE-2019-17647 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. |
CVE-2019-17612 | 1 74cms | 1 74cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. |
CVE-2019-17602 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. |
CVE-2019-17580 | 1 Dormsystem Project | 1 Dormsystem | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | tonyy dormsystem through 1.3 allows SQL Injection in admin.php. |
CVE-2019-17553 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. |
CVE-2019-17552 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. |
CVE-2019-17527 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. |
CVE-2019-17429 | 1 Adhouma Cms Project | 1 Adhouma Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. |
CVE-2019-17419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. |
CVE-2019-17418 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. |
CVE-2019-17370 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file. |
CVE-2019-17357 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. |
CVE-2019-17319 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. |
CVE-2019-17318 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. |