Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0352 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310 | ||||
| CVE-2020-0344 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887 | ||||
| CVE-2020-0060 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845 | ||||
| CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | ||||
| CVE-2019-9885 | 1 Eclass | 1 Eclass Ip | 2024-11-21 | N/A |
| eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter. | ||||
| CVE-2019-9846 | 1 Rockoa | 1 Rockoa | 2024-11-21 | N/A |
| RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. | ||||
| CVE-2019-9762 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. | ||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-21 | N/A |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | ||||
| CVE-2019-9693 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | ||||
| CVE-2019-9626 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. | ||||
| CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | ||||
| CVE-2019-9594 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A |
| BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. | ||||
| CVE-2019-9568 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.5 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | ||||
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2024-11-21 | N/A |
| FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | ||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | ||||
| CVE-2019-9184 | 1 J2store | 1 J2store | 2024-11-21 | N/A |
| SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | ||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | ||||
| CVE-2019-9087 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A |
| HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | ||||
| CVE-2019-9086 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A |
| HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | ||||
| CVE-2019-9083 | 1 Sqlitemanager | 1 Sqlitemanager | 2024-11-21 | N/A |
| SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | ||||