Vulnerabilities (CVE)

CWE filter: CWE-89

4434 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10757 1 Knexjs 1 Knex 2019-10-15 7.5
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
CVE-2019-17429 1 Adhouma Cms Project 1 Adhouma Cms 2019-10-11 7.5
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
CVE-2015-9467 1 K-78 1 Broken Link Manager 2019-10-11 7.5
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
CVE-2019-17072 1 Awplife 1 Contact Form Widget 2019-10-10 7.5
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
CVE-2019-9039 1 Couchbase 1 Sync Gateway 2019-10-10 7.5
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway's public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey"...
CVE-2008-1508 1 Efestech 1 E-kontor 2019-10-10 7.5
SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2019-10-10 7.5
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2019-9885 1 Eclass 1 Eclass Ip 2019-10-09 7.5
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL commands via the /admin/academic/studenview_left.php StudentID parameter.
CVE-2019-5476 1 Nextcloud 1 Lookup-server 2019-10-09 7.5
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.
CVE-2019-5454 1 Nextcloud 1 Nextcloud 2019-10-09 7.5
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows a local cache to be destroyed when a harmful query is executed, requiring the account to be set up again.
CVE-2019-4483 1 Ibm 2 Emptoris Spend Analysis, Emptoris Contract Management 2019-10-09 7.5
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify...
CVE-2019-4481 1 Ibm 2 Emptoris Spend Analysis, Emptoris Contract Management 2019-10-09 7.5
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify...
CVE-2019-4032 1 Ibm 1 Financial Transaction Manager 2019-10-09 7.5
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete...
CVE-2019-4012 1 Ibm 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution 2019-10-09 7.5
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the...
CVE-2019-12686 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12685 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12684 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12683 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12682 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12681 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...