ReportizFlow
Filtered by vendor
Subscriptions
Total
14903 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20613 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). | ||||
| CVE-2019-20592 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). | ||||
| CVE-2019-20591 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). | ||||
| CVE-2019-20576 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). | ||||
| CVE-2019-20574 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019). | ||||
| CVE-2019-20573 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019). | ||||
| CVE-2019-20447 | 1 Jobberbase | 1 Jobberbase | 2024-11-21 | 9.8 Critical |
| Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint. | ||||
| CVE-2019-20361 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 9.8 Critical |
| There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). | ||||
| CVE-2019-20337 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 7.2 High |
| In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | ||||
| CVE-2019-20179 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 8.8 High |
| SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | ||||
| CVE-2019-20107 | 1 Testlink | 1 Testlink | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration. | ||||
| CVE-2019-20059 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732. | ||||
| CVE-2019-1825 | 1 Cisco | 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure | 2024-11-21 | N/A |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. | ||||
| CVE-2019-1824 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-11-21 | N/A |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. | ||||
| CVE-2019-19986 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 7.5 High |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database). | ||||
| CVE-2019-19876 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 9.8 Critical |
| An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. | ||||
| CVE-2019-19850 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.2 High |
| An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. | ||||
| CVE-2019-19846 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. | ||||
| CVE-2019-19740 | 1 Octeth | 1 Oempro | 2024-11-21 | 9.8 Critical |
| Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | ||||
| CVE-2019-19734 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||