Vulnerabilities (CVE)

CWE filter

CWE-89

Filter

5692 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-9465 2019-10-15 6.5
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
CVE-2019-10757 1 Knexjs 1 Knex 2019-10-15 7.5
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
CVE-2015-9460 2019-10-15 6.5
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
CVE-2015-9462 2019-10-15 6.5
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
CVE-2019-17429 1 Adhouma Cms Project 1 Adhouma Cms 2019-10-11 7.5
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
CVE-2019-17128 1 Netreo 1 Omnicenter 2019-10-11 5.0
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from...
CVE-2015-9467 1 K-78 1 Broken Link Manager 2019-10-11 7.5
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
CVE-2015-9461 1 Brinidesigner 1 Awesome Filterable Portfolio 2019-10-11 6.5
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
CVE-2015-9458 1 Seo Searchterms Tagging 2 Project 1 Seo Searchterms Tagging 2 2019-10-11 6.5
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
CVE-2019-15016 1 Zingbox 1 Inspector 2019-10-11 6.5
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.
CVE-2015-9454 1 Slidervilla 1 Smooth Slider 2019-10-10 6.5
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
CVE-2019-17072 1 Awplife 1 Contact Form Widget 2019-10-10 7.5
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
CVE-2019-17418 1 Metinfo 1 Metinfo 2019-10-10 6.5
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
CVE-2019-17419 1 Metinfo 1 Metinfo 2019-10-10 6.5
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
CVE-2019-17292 1 Sugarcrm 1 Sugarcrm 2019-10-10 6.5
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
CVE-2019-17293 1 Sugarcrm 1 Sugarcrm 2019-10-10 6.5
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.
CVE-2019-9039 1 Couchbase 1 Sync Gateway 2019-10-10 7.5
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway?s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey"...
CVE-2008-1508 1 Efestech 1 E-kontor 2019-10-10 7.5
SQL injection vulnerability in EfesTech E-Kont?r and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2019-10-10 7.5
SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf?) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2019-9918 1 Harmistechnology 1 Je Messenger 2019-10-09 N/A
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.