CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2019-1000023 | 89 | | Exec Code Sql | 2019-02-04 | 2019-02-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in the parameters id, id_access_type and id_attr_access that can allow a malicious attacker to include their own SQL commands, which the database will execute. This attack appears to be exploitable via network connectivity.
2 | CVE-2019-9184 | 89 | | Exec Code Sql | 2019-02-26 | 2019-04-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
3 | CVE-2019-9047 | 89 | | Sql | 2019-02-23 | 2019-02-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
4 | CVE-2019-8979 | 89 | | Sql | 2019-02-21 | 2019-04-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
5 | CVE-2019-8429 | 89 | | Sql | 2019-02-18 | 2019-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
6 | CVE-2019-8428 | 89 | | Sql | 2019-02-18 | 2019-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
7 | CVE-2019-8424 | 89 | | Sql | 2019-02-18 | 2019-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
8 | CVE-2019-8423 | 89 | | Sql | 2019-02-18 | 2019-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
9 | CVE-2019-8422 | 89 | | Sql | 2019-02-17 | 2019-02-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
10 | CVE-2019-8421 | 89 | | Sql | 2019-02-17 | 2019-02-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
11 | CVE-2019-8393 | 89 | | Sql | 2019-02-17 | 2019-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
12 | CVE-2019-8360 | 89 | | Sql | 2019-02-16 | 2019-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
13 | CVE-2019-7587 | 89 | | Sql | 2019-02-07 | 2019-02-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.
14 | CVE-2019-7585 | 89 | | Sql | 2019-02-07 | 2019-02-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
15 | CVE-2019-7568 | 89 | | Sql | 2019-02-07 | 2019-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
16 | CVE-2019-7548 | 89 | | Sql | 2019-02-06 | 2021-11-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
17 | CVE-2019-7316 | 89 | | Sql | 2019-02-04 | 2020-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.
18 | CVE-2019-7164 | 89 | | Sql | 2019-02-20 | 2021-12-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
19 | CVE-2019-6523 | 89 | | Sql | 2019-02-05 | 2019-02-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
20 | CVE-2018-20779 | 89 | | Sql | 2019-02-11 | 2019-02-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
21 | CVE-2018-20770 | 89 | | Sql | 2019-02-10 | 2019-02-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
22 | CVE-2018-17542 | 89 | | Sql | 2019-02-11 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request.
23 | CVE-2018-13792 | 89 | | Exec Code Sql | 2019-02-10 | 2020-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
24 | CVE-2018-4056 | 89 | | Sql Bypass | 2019-02-05 | 2019-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
25 | CVE-2017-18362 | 89 | | Exec Code Sql | 2019-02-05 | 2019-02-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
26 | CVE-2016-1000271 | 89 | | Sql | 2019-02-04 | 2019-02-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
27 | CVE-2015-4615 | 89 | | Sql | 2019-02-15 | 2019-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables.
Total number of vulnerabilities: 27