CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
451 CVE-2017-18573 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
452 CVE-2017-18571 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.
453 CVE-2017-18570 89 Sql 2019-08-22 2019-08-23
7.5
None Remote Low Not required Partial Partial Partial
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
454 CVE-2017-18548 89 Sql 2019-08-16 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The note-press plugin before 0.1.2 for WordPress has SQL injection.
455 CVE-2017-18515 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
456 CVE-2017-18514 89 Sql 2019-08-14 2020-01-07
7.5
None Remote Low Not required Partial Partial Partial
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
457 CVE-2017-18406 89 Sql 2019-08-02 2019-08-12
5.0
None Remote Low Not required None Partial None
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).
458 CVE-2017-18362 89 Exec Code Sql 2019-02-05 2019-02-22
7.5
None Remote Low Not required Partial Partial Partial
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
459 CVE-2017-18346 89 Exec Code Sql 2019-07-03 2019-07-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
460 CVE-2017-16558 89 Sql 2019-04-25 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
461 CVE-2017-14851 89 Sql Bypass 2019-06-03 2019-06-04
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.
462 CVE-2017-12761 89 Sql 2019-05-09 2019-05-10
5.0
None Remote Low Not required Partial None None
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
463 CVE-2017-12760 89 Exec Code Sql 2019-05-09 2019-05-10
6.5
None Remote Low ??? Partial Partial Partial
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
464 CVE-2017-12759 89 Exec Code Sql 2019-05-09 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
465 CVE-2017-12758 89 Exec Code Sql 2019-05-09 2019-05-09
7.5
None Remote Low Not required Partial Partial Partial
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
466 CVE-2017-12757 89 Exec Code Sql 2019-05-09 2019-05-10
7.5
None Remote Low Not required Partial Partial Partial
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
467 CVE-2017-11738 89 Sql 2019-05-23 2020-07-27
6.8
None Remote Medium Not required Partial Partial Partial
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
468 CVE-2017-11559 89 Sql 2019-05-23 2019-05-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
469 CVE-2016-1000271 89 Sql 2019-02-04 2019-02-22
7.5
None Remote Low Not required Partial Partial Partial
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
470 CVE-2016-11000 89 Sql 2019-09-20 2019-09-20
7.5
None Remote Low Not required Partial Partial Partial
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
471 CVE-2016-10951 89 Sql 2019-09-13 2019-09-16
6.5
None Remote Low ??? Partial Partial Partial
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
472 CVE-2016-10950 89 Sql 2019-09-13 2019-09-16
6.5
None Remote Low ??? Partial Partial Partial
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
473 CVE-2016-10949 89 Sql 2019-09-13 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
474 CVE-2016-10947 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
475 CVE-2016-10943 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
476 CVE-2016-10942 89 Sql CSRF 2019-09-13 2019-09-13
7.5
None Remote Low Not required Partial Partial Partial
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
477 CVE-2016-10940 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
478 CVE-2016-10939 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.
479 CVE-2016-10921 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
480 CVE-2016-10917 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
481 CVE-2016-10916 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
482 CVE-2016-10909 89 Sql 2019-08-21 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
483 CVE-2016-10904 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The olimometer plugin before 2.57 for WordPress has SQL injection.
484 CVE-2016-10889 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
485 CVE-2016-10888 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
486 CVE-2016-10887 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
487 CVE-2016-10839 89 Sql 2019-08-01 2019-08-13
5.5
None Remote Low ??? Partial Partial None
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
488 CVE-2016-10817 89 Sql 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
489 CVE-2016-10755 89 Sql 2019-05-24 2019-05-29
4.0
None Remote Low ??? Partial None None
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
490 CVE-2016-10754 89 Sql 2019-05-24 2019-05-29
6.5
None Remote Low ??? Partial Partial Partial
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
491 CVE-2016-10753 502 Sql 2019-05-24 2019-05-29
6.5
None Remote Low ??? Partial Partial Partial
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
492 CVE-2016-8898 89 Sql 2019-05-24 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
493 CVE-2016-8897 89 Sql 2019-05-23 2019-05-24
7.5
None Remote Low Not required Partial Partial Partial
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.
494 CVE-2015-9496 89 Sql 2019-10-22 2019-10-24
6.5
None Remote Low ??? Partial Partial Partial
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
495 CVE-2015-9467 89 Sql 2019-10-10 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
496 CVE-2015-9466 89 Sql 2019-10-10 2019-10-17
7.5
None Remote Low Not required Partial Partial Partial
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
497 CVE-2015-9465 89 Sql 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
498 CVE-2015-9462 89 Sql 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
499 CVE-2015-9461 89 Sql 2019-10-10 2019-10-11
6.5
None Remote Low ??? Partial Partial Partial
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
500 CVE-2015-9460 89 Sql 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
Total number of vulnerabilities: 551 (page 10 of 12)