CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2009-4899 | 89 | | Sql | 2019-10-28 | 2019-11-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
pixelpost 1.7.1 has SQL injection
2 | CVE-2010-3662 | 89 | | Sql | 2019-11-04 | 2019-11-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
3 | CVE-2011-1933 | 89 | | Sql | 2019-11-26 | 2020-01-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Jifty::DBI before 0.68.
4 | CVE-2011-1939 | 89 | | Sql | 2019-11-26 | 2019-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
5 | CVE-2011-2936 | 89 | | Sql | 2019-11-12 | 2019-11-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Elgg through 1.7.10 has a SQL injection vulnerability
6 | CVE-2011-3583 | 89 | | Sql | 2019-11-26 | 2019-12-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
7 | CVE-2011-3584 | 89 | | Sql | 2019-11-26 | 2019-12-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
8 | CVE-2012-6719 | 89 | | Sql | 2019-08-28 | 2019-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
9 | CVE-2013-2091 | 89 | | Exec Code Sql | 2019-11-20 | 2019-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
10 | CVE-2013-2738 | 89 | | Sql | 2019-11-01 | 2019-11-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
minidlna has SQL Injection that may allow retrieval of arbitrary files
11 | CVE-2013-2745 | 89 | | Sql | 2019-12-04 | 2019-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
12 | CVE-2013-5743 | 89 | | Sql | 2019-12-11 | 2019-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
13 | CVE-2014-7257 | 89 | | Sql | 2019-12-11 | 2019-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
14 | CVE-2014-10376 | 89 | | Sql | 2019-08-16 | 2019-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
15 | CVE-2014-10379 | 89 | | Sql | 2019-08-21 | 2019-08-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
16 | CVE-2014-10387 | 89 | | Sql | 2019-08-22 | 2019-08-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
17 | CVE-2015-0270 | 89 | | Sql | 2019-10-25 | 2019-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
18 | CVE-2015-3424 | 89 | | Exec Code Sql | 2019-12-09 | 2019-12-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
19 | CVE-2015-4615 | 89 | | Sql | 2019-02-15 | 2019-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
20 | CVE-2015-5591 | 89 | | Exec Code Sql | 2019-12-31 | 2020-01-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
21 | CVE-2015-9301 | 89 | | Sql | 2019-08-13 | 2019-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
22 | CVE-2015-9310 | 89 | | Sql | 2019-08-14 | 2019-08-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
23 | CVE-2015-9313 | 89 | | Sql | 2019-08-14 | 2019-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
24 | CVE-2015-9315 | 89 | | Sql | 2019-08-14 | 2019-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
25 | CVE-2015-9316 | 89 | | Sql | 2019-08-14 | 2019-08-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
26 | CVE-2015-9323 | 89 | | Sql | 2019-08-16 | 2019-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
27 | CVE-2015-9324 | 89 | | Sql | 2019-08-16 | 2021-11-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
28 | CVE-2015-9325 | 89 | | Sql | 2019-08-16 | 2019-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The visitors-online plugin before 0.4 for WordPress has SQL injection.
29 | CVE-2015-9326 | 89 | | Sql | 2019-08-16 | 2019-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
30 | CVE-2015-9330 | 89 | | Sql | 2019-08-20 | 2019-08-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
31 | CVE-2015-9333 | 89 | | Sql | 2019-08-22 | 2019-09-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
32 | CVE-2015-9334 | 89 | | Sql | 2019-08-22 | 2019-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
33 | CVE-2015-9335 | 89 | | Sql | 2019-08-22 | 2019-08-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
34 | CVE-2015-9344 | 89 | | Sql | 2019-08-27 | 2019-09-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The link-log plugin before 2.1 for WordPress has SQL injection.
35 | CVE-2015-9352 | 89 | | Sql | 2019-08-27 | 2019-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The wp-polls plugin before 2.72 for WordPress has SQL injection.
36 | CVE-2015-9353 | 89 | | Sql | 2019-08-28 | 2019-09-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
37 | CVE-2015-9395 | 89 | | Sql | 2019-09-20 | 2019-09-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
38 | CVE-2015-9398 | 89 | | Sql | 2019-09-20 | 2019-09-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
39 | CVE-2015-9399 | 89 | | Sql | 2019-09-20 | 2019-09-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
40 | CVE-2015-9400 | 89 | | Sql | 2019-09-20 | 2019-09-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
41 | CVE-2015-9445 | 352 | | Sql CSRF | 2019-09-26 | 2019-09-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
42 | CVE-2015-9446 | 89 | | Sql | 2019-09-26 | 2019-09-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
43 | CVE-2015-9447 | 352 | | Sql CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
44 | CVE-2015-9448 | 89 | | Sql | 2019-09-26 | 2019-09-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
45 | CVE-2015-9449 | 89 | | Sql | 2019-09-26 | 2019-09-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
46 | CVE-2015-9450 | 89 | | Sql | 2019-10-07 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
47 | CVE-2015-9451 | 89 | | Sql | 2019-10-07 | 2019-10-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
48 | CVE-2015-9452 | 89 | | Sql | 2019-10-07 | 2019-10-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
49 | CVE-2015-9454 | 89 | | Sql | 2019-10-07 | 2019-10-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
50 | CVE-2015-9457 | 89 | | Sql | 2019-10-10 | 2019-10-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
Total number of vulnerabilities: 551 (this is page 1 of 12)