Total: 15129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17552 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. | |||||
CVE-2019-17527 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. | |||||
CVE-2019-17429 | 1 Adhouma Cms Project | 1 Adhouma Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. | |||||
CVE-2019-17419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. | |||||
CVE-2019-17418 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. | |||||
CVE-2019-17370 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file. | |||||
CVE-2019-17357 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. | |||||
CVE-2019-17319 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. | |||||
CVE-2019-17318 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. | |||||
CVE-2019-17298 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. | |||||
CVE-2019-17297 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. | |||||
CVE-2019-17296 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. | |||||
CVE-2019-17295 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. | |||||
CVE-2019-17294 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. | |||||
CVE-2019-17293 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. | |||||
CVE-2019-17292 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. | |||||
CVE-2019-17271 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | |||||
CVE-2019-17197 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. | |||||
CVE-2019-17128 | 1 Netreo | 1 Omnicenter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application. | |||||
CVE-2019-17119 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter. |