Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15563 | 1 Ohdsi | 1 Webapi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. | |||||
CVE-2019-15562 | 1 Gorm | 1 Gorm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm. | |||||
CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. | |||||
CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. | |||||
CVE-2019-15559 | 1 Hawn Project | 1 Hawn | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
DianoxDragon Hawn before 2019-07-10 allows SQL injection. | |||||
CVE-2019-15558 | 1 Xm-online | 1 Xm^online 2 - Common Utils And Endpoints | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. | |||||
CVE-2019-15557 | 1 Xm-online | 1 Xm^online 2 User Account And Authentication Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. | |||||
CVE-2019-15556 | 1 Social Network Project | 1 Social Network | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. | |||||
CVE-2019-15555 | 1 Wellness Project | 1 Wellness | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. | |||||
CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | |||||
CVE-2019-15536 | 1 Youracclaim | 1 Acclaim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. | |||||
CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | |||||
CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | |||||
CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | |||||
CVE-2019-15301 | 1 Terrasoft | 1 Bpm Online Crm System Sdk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. | |||||
CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | |||||
CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | |||||
CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | |||||
CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. |