Total
15131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6658 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | |||||
| CVE-2019-6523 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | |||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
| CVE-2019-6497 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. | |||||
| CVE-2019-6491 | 1 Risi | 1 Gestao De Horarios | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. | |||||
| CVE-2019-6296 | 1 Skymoonlabs | 1 Cleanto | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. | |||||
| CVE-2019-6295 | 1 Skymoonlabs | 1 Cleanto | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. | |||||
| CVE-2019-6259 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | |||||
| CVE-2019-6127 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. | |||||
| CVE-2019-6012 | 1 Tms-outsource | 1 Wpdatatables Lite | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2019-5996 | 1 Panasonic | 1 Video Insight Vms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2019-5991 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2019-5934 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. | |||||
| CVE-2019-5893 | 1 Nelson-it | 1 Open Source Erp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. | |||||
| CVE-2019-5722 | 1 Portier | 1 Portier | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | |||||
| CVE-2019-5720 | 1 Frontaccounting | 1 Frontaccounting | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. | |||||
| CVE-2019-5715 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. | |||||
| CVE-2019-5488 | 1 Earclink | 1 Espcms-p8 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database. | |||||
| CVE-2019-5476 | 1 Nextcloud | 1 Lookup-server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. | |||||
| CVE-2019-5454 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. | |||||