Vulnerabilities (CVE)

CWE filter

CWE-89

5688 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17429 1 Adhouma Cms Project 1 Adhouma Cms 2019-10-11 7.5
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
CVE-2019-17128 1 Netreo 1 Omnicenter 2019-10-11 5.0
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from...
CVE-2015-9467 1 K-78 1 Broken Link Manager 2019-10-11 7.5
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
CVE-2015-9461 1 Brinidesigner 1 Awesome Filterable Portfolio 2019-10-11 6.5
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
CVE-2015-9458 1 Seo Searchterms Tagging 2 Project 1 Seo Searchterms Tagging 2 2019-10-11 6.5
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
CVE-2019-15016 1 Zingbox 1 Inspector 2019-10-11 6.5
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.
CVE-2015-9454 1 Slidervilla 1 Smooth Slider 2019-10-10 6.5
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
CVE-2019-17072 1 Awplife 1 Contact Form Widget 2019-10-10 7.5
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
CVE-2019-17418 1 Metinfo 1 Metinfo 2019-10-10 6.5
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.
CVE-2019-17419 1 Metinfo 1 Metinfo 2019-10-10 6.5
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
CVE-2019-17292 1 Sugarcrm 1 Sugarcrm 2019-10-10 6.5
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
CVE-2019-17293 1 Sugarcrm 1 Sugarcrm 2019-10-10 6.5
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.
CVE-2019-9039 1 Couchbase 1 Sync Gateway 2019-10-10 7.5
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway's public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey"...
CVE-2008-1508 1 Efestech 1 E-kontor 2019-10-10 7.5
SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2019-10-10 7.5
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2019-9918 1 Harmistechnology 1 Je Messenger 2019-10-09 N/A
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
CVE-2019-9885 1 Eclass 1 Eclass Ip 2019-10-09 7.5
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
CVE-2019-7003 1 Avaya 1 Control Manager 2019-10-09 6.4
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of...
CVE-2019-7001 1 Avaya 1 Ip Office Contact Center 2019-10-09 6.5
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include...
CVE-2019-5476 1 Nextcloud 1 Lookup-server 2019-10-09 7.5
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.