Vulnerabilities (CVE)

CWE filter

CWE-89

5341 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6506 1 Salesagility 1 Suitecrm 2019-04-17 7.5
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
CVE-2019-4012 1 Ibm 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution 2019-04-17 7.5
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the...
CVE-2018-6393 1 Freepbx 1 Freepbx 2019-04-16 6.5
** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL...
CVE-2019-9184 1 J2store 1 J2store 2019-04-16 7.5
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
CVE-2017-8917 1 Joomla 1 Joomla! 2019-04-16 7.5
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-18018 1 Tribulant 1 Slideshow Gallery 2019-04-16 7.5
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
CVE-2019-9204 1 Nagios 1 Incident Manager 2019-04-15 7.5
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
CVE-2019-9165 1 Nagios 1 Nagios Xi 2019-04-15 7.5
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
CVE-2019-8979 2 Kohanaframework, Koseven 2 Kohana, Koseven 2019-04-12 7.5
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
CVE-2019-7548 2 Sqlalchemy, Debian 2 Sqlalchemy, Debian Linux 2019-04-12 6.8
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2019-5715 1 Silverstripe 1 Silverstripe 2019-04-12 7.5
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject.
CVE-2019-7139 1 Magento 1 Magento 2019-04-11 7.5
An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. This issue is fixed in Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.2.8, Magento 2.3.1.
CVE-2018-1994 1 Ibm 2 Infosphere Information Server On Cloud, Infosphere Metadata Asset Manager 2019-04-10 7.5
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM...
CVE-2019-3792 1 Pivotal Software 1 Concourse 2019-04-09 5.0
Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.
CVE-2019-7001 2019-04-09 6.5
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include...
CVE-2018-20505 2 Apple, Sqlite 6 Icloud, Itunes, Sqlite and 3 more 2019-04-08 5.0
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
CVE-2019-6491 1 Risi 1 Gestao De Horarios 2019-03-25 6.5
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
CVE-2019-9083 1 Sqlitemanager 1 Sqlitemanager 2019-03-25 7.5
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
CVE-2019-5722 1 Portier 1 Portier 2019-03-22 7.5
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
CVE-2018-20556 1 Booking Calendar Project 1 Booking Calendar 2019-03-22 6.5
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.