Total: 16716 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | ||||
CVE-2019-13292 | 1 Weberp | 1 Weberp | 2024-11-21 | N/A |
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. | ||||
CVE-2019-13275 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | N/A |
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. | ||||
CVE-2019-13191 | 1 Mapsolutions | 1 Intramaps | 2024-11-21 | N/A |
A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | ||||
CVE-2019-13086 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A |
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | ||||
CVE-2019-13079 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 8.8 High |
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. | ||||
CVE-2019-13078 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 8.8 High |
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. | ||||
CVE-2019-13076 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 8.8 High |
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. | ||||
CVE-2019-13027 | 1 Realization | 1 Concerto Critical Chain Planner | 2024-11-21 | N/A |
Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least the taskupdt/taskdetails.aspx webpage via the projectname parameter. | ||||
CVE-2019-13026 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. | ||||
CVE-2019-12960 | 1 Livezilla | 1 Livezilla | 2024-11-21 | N/A |
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | ||||
CVE-2019-12946 | 1 Elcom | 1 Elcom Cms | 2024-11-21 | N/A |
Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. | ||||
CVE-2019-12939 | 1 Livezilla | 1 Livezilla | 2024-11-21 | N/A |
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | ||||
CVE-2019-12918 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 9.8 Critical |
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir]. | ||||
CVE-2019-12872 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. | ||||
CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | ||||
CVE-2019-12838 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 9.8 Critical |
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | ||||
CVE-2019-12723 | 1 Teclib-edition | 1 Fields | 2024-11-21 | N/A |
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | ||||
CVE-2019-12720 | 1 Auo | 1 Sunveillance Monitoring System & Data Recorder | 2024-11-21 | 7.5 High |
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters. | ||||
CVE-2019-12619 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2024-11-21 | 6.5 Medium |
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. |