CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2019 (SQL Injection)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-10664 | 89 | | Sql | 2019-03-31 | 2019-05-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. |
| 2 | CVE-2019-10663 | 89 | | Sql | 2019-03-30 | 2019-04-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. |
| 3 | CVE-2019-10262 | 89 | | Sql | 2019-03-28 | 2019-03-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. |
| 4 | CVE-2019-10232 | 89 | | Sql | 2019-03-27 | 2019-03-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. |
| 5 | CVE-2019-9918 | 89 | | Sql | 2019-03-29 | 2019-10-09 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. |
| 6 | CVE-2019-9762 | 89 | | Sql | 2019-03-14 | 2019-03-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. |
| 7 | CVE-2019-9693 | 89 | | Sql | 2019-03-11 | 2019-03-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). |
| 8 | CVE-2019-9626 | 89 | | Sql | 2019-03-07 | 2019-03-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. |
| 9 | CVE-2019-9615 | 89 | | Sql | 2019-03-06 | 2019-03-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. |
| 10 | CVE-2019-9594 | 89 | | Sql | 2019-03-06 | 2019-03-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. |
| 11 | CVE-2019-9568 | 89 | | Sql | 2019-03-04 | 2019-03-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. |
| 12 | CVE-2019-9566 | 89 | | Sql | 2019-03-04 | 2019-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. |
| 13 | CVE-2019-9204 | 89 | | Exec Code Sql | 2019-03-28 | 2019-04-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. |
| 14 | CVE-2019-9165 | 89 | | Exec Code Sql | 2019-03-28 | 2019-04-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. |
| 15 | CVE-2019-9083 | 89 | | Sql | 2019-03-21 | 2019-03-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. |
| 16 | CVE-2019-9053 | 89 | | Sql | 2019-03-26 | 2019-04-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. |
| 17 | CVE-2019-6491 | 89 | | Sql | 2019-03-21 | 2019-03-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. |
| 18 | CVE-2019-5722 | 89 | | Sql | 2019-03-21 | 2019-03-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. |
| 19 | CVE-2019-4032 | 89 | | Sql | 2019-03-05 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. |
| 20 | CVE-2018-20678 | 89 | | Sql | 2019-03-28 | 2019-03-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. |
| 21 | CVE-2018-20556 | 89 | | Exec Code Sql | 2019-03-21 | 2019-05-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. |
| 22 | CVE-2018-19513 | 532 | | Sql | 2019-03-21 | 2019-03-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. |
| 23 | CVE-2018-19510 | 89 | | Sql | 2019-03-21 | 2019-03-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. |
| 24 | CVE-2018-18798 | 89 | | Sql | 2019-03-21 | 2019-03-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view. |
| 25 | CVE-2018-17988 | 89 | | Sql | 2019-03-07 | 2021-08-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter. |
| 26 | CVE-2018-17420 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. |
| 27 | CVE-2018-17416 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. |
| 28 | CVE-2018-17415 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. |
| 29 | CVE-2018-17414 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. |
| 30 | CVE-2018-17412 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. |
| 31 | CVE-2018-16809 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. |
| 32 | CVE-2018-6330 | 89 | | Sql | 2019-03-28 | 2019-03-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. |
Total number of vulnerabilities: 32