ReportizFlow
Filtered by vendor
Subscriptions
Total
16715 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12348 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. | ||||
| CVE-2019-12279 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck | ||||
| CVE-2019-12251 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | ||||
| CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 7.2 High |
| The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | ||||
| CVE-2019-12196 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | ||||
| CVE-2019-12193 | 1 H3c | 1 H3cloud Os | 2024-11-21 | N/A |
| H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. | ||||
| CVE-2019-12149 | 1 Silverstripe | 2 Registry, Restfulserver | 2024-11-21 | N/A |
| SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | ||||
| CVE-2019-11984 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11979 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11978 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11977 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11976 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11975 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11974 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11973 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11972 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11971 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11970 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11880 | 1 Commsy | 1 Commsy | 2024-11-21 | N/A |
| CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2. | ||||
| CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.3 High |
| SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | ||||