Vulnerabilities (CVE)

CWE filter

CWE-89

Filter

5305 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-8979 2 Kohanaframework, Koseven 2 Kohana, Koseven 2019-02-21 7.5
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2019-7164 1 Sqlalchemy 1 Sqlalchemy 2019-02-20 7.5
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2018-4056 1 Debian 1 Debian Linux 2019-02-20 7.5
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which...
CVE-2016-1000271 2019-02-20 7.5
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can...
CVE-2019-8421 1 Bagesoft 1 Bagecms 2019-02-20 6.5
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2019-8393 1 Hotels Server Project 1 Hotels Server 2019-02-20 7.5
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
CVE-2019-8360 1 Themerig 1 Find A Place Cms Directory 2019-02-20 7.5
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
CVE-2019-8422 1 Pbootcms 1 Pbootcms 2019-02-19 6.5
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVE-2019-8423 1 Zoneminder 1 Zoneminder 2019-02-19 7.5
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424 1 Zoneminder 1 Zoneminder 2019-02-19 7.5
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8428 1 Zoneminder 1 Zoneminder 2019-02-19 7.5
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
CVE-2019-8429 1 Zoneminder 1 Zoneminder 2019-02-19 7.5
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
CVE-2015-4615 1 Easy2map 1 Easy2map-photos 2019-02-19 7.5
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
CVE-2019-5488 1 Earclink 1 Espcms-p8 2019-02-14 5.0
EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.
CVE-2019-3576 1 Inxedu Project 1 Inxedu 2019-02-14 7.5
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka...
CVE-2019-3577 1 Bijiadao 1 Waimai Super Cms 2019-02-14 7.5
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.
CVE-2015-7999 1 Citrix 1 Command Center 2019-02-13 6.5
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-13792 1 Abbyy 1 Flexicapture 2019-02-13 7.5
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
CVE-2018-20770 2019-02-13 7.5
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
CVE-2018-17542 2019-02-12 5.0
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.