Vulnerabilities (CVE)

CWE filter: CWE-89

5692 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9885 1 Eclass 1 Eclass Ip 2019-10-09 7.5
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
CVE-2019-7003 1 Avaya 1 Control Manager 2019-10-09 6.4
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of...
CVE-2019-7001 1 Avaya 1 Ip Office Contact Center 2019-10-09 6.5
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include...
CVE-2019-5476 1 Nextcloud 1 Lookup-server 2019-10-09 7.5
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.
CVE-2019-5454 1 Nextcloud 1 Nextcloud 2019-10-09 7.5
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.
CVE-2019-4483 1 Ibm 2 Emptoris Spend Analysis, Emptoris Contract Management 2019-10-09 7.5
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify...
CVE-2019-4481 1 Ibm 2 Emptoris Spend Analysis, Emptoris Contract Management 2019-10-09 7.5
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify...
CVE-2019-4224 1 Ibm 1 Pureapplication System 2019-10-09 6.5
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....
CVE-2019-4147 1 Ibm 1 Sterling File Gateway 2019-10-09 6.5
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....
CVE-2019-4032 1 Ibm 1 Financial Transaction Manager 2019-10-09 7.5
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete...
CVE-2019-4012 1 Ibm 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution 2019-10-09 7.5
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the...
CVE-2019-3760 1 Dell 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance 2019-10-09 6.5
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this...
CVE-2019-1942 1 Cisco 1 Identity Services Engine 2019-10-09 4.0
A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due...
CVE-2019-1825 1 Cisco 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure 2019-10-09 5.5
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist...
CVE-2019-1824 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2019-10-09 5.5
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist...
CVE-2019-12710 1 Cisco 1 Unified Communications Manager 2019-10-09 4.0
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an...
CVE-2019-12686 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12685 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12684 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12683 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...