Vulnerabilities (CVE)

CWE filter

CWE-89

Filter

5692 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12682 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12681 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12680 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-12679 1 Cisco 1 Firepower Management Center 2019-10-09 9.0
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities...
CVE-2019-11821 1 Synology 1 Photo Station 2019-10-09 7.5
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
CVE-2018-8914 1 Synology 1 Media Server 2019-10-09 7.5
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
CVE-2018-7528 1 Geutebrueck 2 G-cam%2fefd-2250 Firmware, Topfd-2125 Firmware 2019-10-09 6.4
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.
CVE-2018-7501 1 Advantech 3 Webaccess, Webaccess%2fnms, Webaccess Dashboard 2019-10-09 5.0
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection...
CVE-2018-6494 1 Hp 1 Service Manager Web Tier 2019-10-09 5.5
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
CVE-2018-6493 1 Hp 2 Network Automation, Network Operations Management Ultimate 2019-10-09 6.5
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.
CVE-2018-5443 2019-10-09 5.0
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
CVE-2018-5404 2019-10-09 4.0
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive...
CVE-2018-5384 2019-10-09 5.0
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total...
CVE-2018-1994 1 Ibm 2 Infosphere Information Server On Cloud, Infosphere Metadata Asset Manager 2019-10-09 7.5
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM...
CVE-2018-1819 1 Ibm 1 Financial Transaction Manager 2019-10-09 6.5
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,...
CVE-2018-1756 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 5.0
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM...
CVE-2018-1699 1 Ibm 1 Maximo Asset Management 2019-10-09 6.5
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM...
CVE-2018-1674 1 Ibm 2 Business Automation Workflow, Business Process Manager 2019-10-09 6.5
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information...
CVE-2018-1132 1 Opendaylight 1 Sdninterfaceapp 2019-10-09 7.5
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last...
CVE-2018-1096 2 Theforeman, Redhat 2 Foreman, Satellite 2019-10-09 4.0
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.