Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | ||||
| CVE-2019-9047 | 1 Fizzday | 1 Gorose | 2024-11-21 | N/A |
| GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | ||||
| CVE-2019-9039 | 1 Couchbase | 1 Sync Gateway | 2024-11-21 | N/A |
| In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external access to this REST endpoint has been blocked to mitigate this issue. This issue has been fixed in versions 2.5.0 and 2.1.3. | ||||
| CVE-2019-8979 | 1 Kohanaframework | 1 Kohana | 2024-11-21 | N/A |
| Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | ||||
| CVE-2019-8923 | 1 Apachefriends | 1 Xampp | 2024-11-21 | N/A |
| XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | ||||
| CVE-2019-8600 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 9.8 Critical |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution. | ||||
| CVE-2019-8429 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | ||||
| CVE-2019-8428 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | ||||
| CVE-2019-8424 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | ||||
| CVE-2019-8423 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | ||||
| CVE-2019-8422 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | ||||
| CVE-2019-8421 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
| upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | ||||
| CVE-2019-8393 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | N/A |
| Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. | ||||
| CVE-2019-8360 | 1 Themerig | 1 Find A Place Cms Directory | 2024-11-21 | N/A |
| Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | ||||
| CVE-2019-8143 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 Medium |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database. | ||||
| CVE-2019-8134 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables. | ||||
| CVE-2019-8130 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates. | ||||
| CVE-2019-8127 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. | ||||
| CVE-2019-7755 | 1 Weberp | 1 Weberp | 2024-11-21 | 8.8 High |
| In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection. | ||||
| CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 9.8 Critical |
| modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | ||||