Total
15112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14529 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | |||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | |||||
| CVE-2019-14348 | 1 Beardev | 1 Joomsport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | |||||
| CVE-2019-14314 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | |||||
| CVE-2019-14313 | 1 10web | 1 Photo Gallery | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | |||||
| CVE-2019-14266 | 1 Opensns | 1 Opensns | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. | |||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | |||||
| CVE-2019-14234 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | |||||
| CVE-2019-14231 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | |||||
| CVE-2019-14230 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | |||||
| CVE-2019-13978 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | |||||
| CVE-2019-13969 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | |||||
| CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | |||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | |||||
| CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php | |||||
| CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | |||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2019-13570 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. | |||||
| CVE-2019-13569 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||