CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2019(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6805 89 Sql 2019-01-25 2019-01-25
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
2 CVE-2019-6798 89 Sql 2019-01-26 2019-01-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
3 CVE-2019-6708 89 Sql 2019-01-23 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
4 CVE-2019-6707 89 Sql 2019-01-23 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
5 CVE-2019-6691 89 Sql 2019-01-23 2019-01-25
6.5
None Remote Low ??? Partial Partial Partial
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.
6 CVE-2019-6497 89 Sql 2019-01-20 2019-01-23
7.5
None Remote Low Not required Partial Partial Partial
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
7 CVE-2019-6296 89 Sql 2019-01-15 2019-01-18
7.5
None Remote Low Not required Partial Partial Partial
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
8 CVE-2019-6295 89 Sql 2019-01-15 2019-01-18
7.5
None Remote Low Not required Partial Partial Partial
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
9 CVE-2019-6259 89 Sql 2019-01-14 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
10 CVE-2019-6127 89 Exec Code Sql 2019-01-11 2019-01-23
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.
11 CVE-2019-5893 89 Sql 2019-01-10 2019-01-17
7.5
None Remote Low Not required Partial Partial Partial
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
12 CVE-2019-5720 89 Sql 2019-01-08 2019-01-30
7.5
None Remote Low Not required Partial Partial Partial
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
13 CVE-2019-5488 89 Sql 2019-01-07 2019-02-14
5.0
None Remote Low Not required Partial None None
EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.
14 CVE-2019-3577 89 Sql 2019-01-02 2019-02-14
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.
15 CVE-2019-3576 89 Sql 2019-01-02 2019-02-14
7.5
None Remote Low Not required Partial Partial Partial
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java), where courseFavoritesService.deleteCourseFavoritesById is mishandled during use of MyBatis. NOTE: UserController.java has a spelling variation in an annotation: a @RequestMapping("/deleteFaveorite/{ids}") line followed by a "public ModelAndView deleteFavorite" line.
16 CVE-2019-3494 89 Sql 2019-01-01 2019-01-16
6.4
None Remote Low Not required None Partial Partial
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.
17 CVE-2018-20730 89 Exec Code Sql 2019-01-17 2019-01-22
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
18 CVE-2018-20719 89 Sql 2019-01-15 2019-01-18
6.5
None Remote Low ??? Partial Partial Partial
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
19 CVE-2018-20716 89 Sql 2019-01-15 2019-01-23
7.5
None Remote Low Not required Partial Partial Partial
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
20 CVE-2018-20715 89 Sql 2019-01-15 2019-01-23
7.5
None Remote Low Not required Partial Partial Partial
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
21 CVE-2018-20713 89 Sql 2019-01-15 2019-01-18
6.5
None Remote Low ??? Partial Partial Partial
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
22 CVE-2018-19998 89 Exec Code Sql 2019-01-03 2019-01-11
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
23 CVE-2018-19994 89 Exec Code Sql 2019-01-03 2019-01-09
6.5
None Remote Low ??? Partial Partial Partial
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
24 CVE-2018-19415 89 Exec Code Sql 2019-01-03 2019-01-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.
25 CVE-2018-16803 89 Exec Code Sql 2019-01-10 2020-01-16
10.0
None Remote Low Not required Complete Complete Complete
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.
26 CVE-2018-16188 89 Exec Code Sql 2019-01-09 2019-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
27 CVE-2018-16175 89 Exec Code Sql 2019-01-09 2019-01-11
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2018-13045 89 Exec Code Sql 2019-01-02 2019-01-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
Total number of vulnerabilities : 28   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.