Total: 14629 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2019-10762 | 1 Medoo | 1 Medoo | 2024-11-21 | 9.8 Critical | columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. |
CVE-2019-10757 | 1 Knexjs | 1 Knex | 2024-11-21 | 9.8 Critical | knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. |
CVE-2019-10752 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | 9.8 Critical | Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. |
CVE-2019-10749 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | 9.8 Critical | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. |
CVE-2019-10748 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | 9.8 Critical | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. |
CVE-2019-10708 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A | S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. |
CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2024-11-21 | N/A | MKCMS V5.0 has SQL injection via the bplay.php play parameter. |
CVE-2019-10692 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 9.8 Critical | In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. |
CVE-2019-10687 | 1 Kbpublisher | 1 Kbpublisher | 2024-11-21 | N/A | KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. |
CVE-2019-10671 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.8 High | An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. |
CVE-2019-10664 | 1 Domoticz | 1 Domoticz | 2024-11-21 | N/A | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. |
CVE-2019-10663 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2024-11-21 | N/A | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. |
CVE-2019-10653 | 1 Hsycms | 1 Hsycms | 2024-11-21 | N/A | An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page. |
CVE-2019-10262 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. |
CVE-2019-10232 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2024-11-21 | N/A | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. |
CVE-2019-10208 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 8.8 High | A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. |
CVE-2019-10141 | 2 Openstack, Redhat | 4 Ironic-inspector, Enterprise Linux, Openstack and 1 more | 2024-11-21 | N/A | A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service. |
CVE-2019-10123 | 1 Ais | 2 Esel-server, Logistic Software | 2024-11-21 | N/A | SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user. |
CVE-2019-1010259 | 1 Saltstack | 2 Salt 2018, Salt 2019 | 2024-11-21 | N/A | SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4. |
CVE-2019-1010248 | 1 I-doit | 1 I-doit | 2024-11-21 | N/A | Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1. |