Vulnerabilities (CVE)

CWE filter: CWE-89

1252 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-9465 2019-10-15 6.5
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
CVE-2015-9460 2019-10-15 6.5
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
CVE-2015-9462 2019-10-15 6.5
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
CVE-2019-17128 1 Netreo 1 Omnicenter 2019-10-11 5.0
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from...
CVE-2015-9461 1 Brinidesigner 1 Awesome Filterable Portfolio 2019-10-11 6.5
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
CVE-2015-9458 1 Seo Searchterms Tagging 2 Project 1 Seo Searchterms Tagging 2 2019-10-11 6.5
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
CVE-2019-15016 1 Zingbox 1 Inspector 2019-10-11 6.5
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.
CVE-2015-9454 1 Slidervilla 1 Smooth Slider 2019-10-10 6.5
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
CVE-2019-17418 1 Metinfo 1 Metinfo 2019-10-10 6.5
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
CVE-2019-17419 1 Metinfo 1 Metinfo 2019-10-10 6.5
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
CVE-2019-17292 1 Sugarcrm 1 Sugarcrm 2019-10-10 6.5
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
CVE-2019-17293 1 Sugarcrm 1 Sugarcrm 2019-10-10 6.5
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.
CVE-2019-7003 1 Avaya 1 Control Manager 2019-10-09 6.4
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of...
CVE-2019-7001 1 Avaya 1 Ip Office Contact Center 2019-10-09 6.5
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include...
CVE-2019-4224 1 Ibm 1 Pureapplication System 2019-10-09 6.5
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....
CVE-2019-4147 1 Ibm 1 Sterling File Gateway 2019-10-09 6.5
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....
CVE-2019-3760 1 Dell 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance 2019-10-09 6.5
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this...
CVE-2019-1942 1 Cisco 1 Identity Services Engine 2019-10-09 4.0
A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due...
CVE-2019-1825 1 Cisco 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure 2019-10-09 5.5
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist...
CVE-2019-1824 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2019-10-09 5.5
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist...