Total
15993 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8422 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | |||||
| CVE-2019-8421 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | |||||
| CVE-2019-8393 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. | |||||
| CVE-2019-8360 | 1 Themerig | 1 Find A Place Cms Directory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | |||||
| CVE-2019-8143 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database. | |||||
| CVE-2019-8134 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables. | |||||
| CVE-2019-8130 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates. | |||||
| CVE-2019-8127 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. | |||||
| CVE-2019-7755 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection. | |||||
| CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | |||||
| CVE-2019-7587 | 1 Bo-blog | 1 Bw | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function. | |||||
| CVE-2019-7585 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. | |||||
| CVE-2019-7568 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. | |||||
| CVE-2019-7548 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | |||||
| CVE-2019-7484 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | |||||
| CVE-2019-7478 | 1 Sonicwall | 1 Global Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | |||||
| CVE-2019-7316 | 1 Css-tricks | 1 Chat2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability. | |||||
| CVE-2019-7164 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | |||||
| CVE-2019-7139 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2019-7003 | 1 Avaya | 1 Control Manager | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. | |||||