Total: 16480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14254 | 1 Publisure | 1 Publisure | 2024-11-21 | 9.8 Critical |
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | ||||
CVE-2019-14234 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 4 Debian Linux, Django, Fedora and 1 more | 2024-11-21 | N/A |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | ||||
CVE-2019-14231 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | N/A |
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | ||||
CVE-2019-14230 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | N/A |
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | ||||
CVE-2019-13978 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | N/A |
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | ||||
CVE-2019-13969 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | ||||
CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2024-11-21 | 9.8 Critical |
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | ||||
CVE-2019-13578 | 1 Givewp | 1 Givewp | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | ||||
CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. | ||||
CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2024-11-21 | 9.8 Critical |
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | ||||
CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
CVE-2019-13570 | 1 Ajdg | 1 Adrotate | 2024-11-21 | N/A |
The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. | ||||
CVE-2019-13569 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | N/A |
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2024-11-21 | N/A |
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | ||||
CVE-2019-13489 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | ||||
CVE-2019-13462 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | N/A |
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | ||||
CVE-2019-13447 | 1 Sertek | 1 Xpare | 2024-11-21 | N/A |
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection. | ||||
CVE-2019-13413 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | 9.8 Critical |
The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. | ||||
CVE-2019-13409 | 1 Topmeeting | 1 Topmeeting | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union-based injection query string through a search meeting room feature to get the database schema and username/password. |