CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2019-19850 | 89 | | Sql | 2019-12-17 | 2019-12-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
2 | CVE-2019-19846 | 89 | | Sql | 2019-12-18 | 2019-12-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
3 | CVE-2019-19740 | 89 | | Sql | 2019-12-12 | 2020-01-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
4 | CVE-2019-19734 | 89 | | Sql | 2019-12-30 | 2020-01-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
5 | CVE-2019-19732 | 89 | | Sql | 2019-12-30 | 2020-01-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
6 | CVE-2019-19650 | 89 | | Sql | 2019-12-11 | 2019-12-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.
7 | CVE-2019-19649 | 89 | | Sql | 2019-12-11 | 2019-12-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
8 | CVE-2019-19245 | 89 | | Sql | 2019-12-02 | 2019-12-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
9 | CVE-2019-19016 | 89 | | Sql | 2019-12-02 | 2019-12-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.
10 | CVE-2019-18234 | 89 | | Exec Code Sql | 2019-12-23 | 2019-12-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Equinox Control Expert, all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code.
11 | CVE-2019-17527 | 89 | | Sql | 2019-12-19 | 2020-01-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.
12 | CVE-2019-15933 | 89 | | Sql | 2019-12-12 | 2019-12-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Intesync Solismed 3.3sp has SQL Injection.
13 | CVE-2019-8600 | 89 | | Exec Code Sql Mem. Corr. | 2019-12-18 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
14 | CVE-2019-7484 | 89 | | Sql | 2019-12-19 | 2019-12-31 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
15 | CVE-2019-7481 | 89 | | Sql | 2019-12-17 | 2021-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
16 | CVE-2019-7478 | 89 | | Sql | 2019-12-31 | 2020-01-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
17 | CVE-2019-6012 | 89 | | Exec Code Sql | 2019-12-26 | 2020-01-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
18 | CVE-2019-5112 | 89 | | Sql | 2019-12-03 | 2019-12-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
19 | CVE-2019-5111 | 89 | | Sql | 2019-12-03 | 2019-12-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
20 | CVE-2019-5110 | 89 | | Sql | 2019-12-03 | 2019-12-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
21 | CVE-2019-5109 | 89 | | Sql | 2019-12-03 | 2019-12-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
22 | CVE-2018-7282 | 89 | | Sql | 2019-12-06 | 2019-12-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.
23 | CVE-2015-5591 | 89 | | Exec Code Sql | 2019-12-31 | 2020-01-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands.
24 | CVE-2015-3424 | 89 | | Exec Code Sql | 2019-12-09 | 2019-12-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
25 | CVE-2014-7257 | 89 | | Sql | 2019-12-11 | 2019-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
26 | CVE-2013-5743 | 89 | | Sql | 2019-12-11 | 2019-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
27 | CVE-2013-2745 | 89 | | Sql | 2019-12-04 | 2019-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
Total number of vulnerabilities: 27