CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
501 CVE-2015-9458 89 Sql CSRF 2019-10-10 2019-10-11
6.5
None Remote Low ??? Partial Partial Partial
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
502 CVE-2015-9457 89 Sql 2019-10-10 2019-10-16
6.5
None Remote Low ??? Partial Partial Partial
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
503 CVE-2015-9454 89 Sql 2019-10-07 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
504 CVE-2015-9452 89 Sql 2019-10-07 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
505 CVE-2015-9451 89 Sql 2019-10-07 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
506 CVE-2015-9450 89 Sql 2019-10-07 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
507 CVE-2015-9449 89 Sql 2019-09-26 2019-09-26
6.5
None Remote Low ??? Partial Partial Partial
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
508 CVE-2015-9448 89 Sql 2019-09-26 2019-09-26
6.5
None Remote Low ??? Partial Partial Partial
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
509 CVE-2015-9447 352 Sql CSRF 2019-09-26 2019-09-27
4.3
None Remote Medium Not required None Partial None
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
510 CVE-2015-9446 89 Sql 2019-09-26 2019-09-26
6.5
None Remote Low ??? Partial Partial Partial
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
511 CVE-2015-9445 352 Sql CSRF 2019-09-26 2019-09-26
6.8
None Remote Medium Not required Partial Partial Partial
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
512 CVE-2015-9400 89 Sql 2019-09-20 2019-09-20
6.5
None Remote Low ??? Partial Partial Partial
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
513 CVE-2015-9399 89 Sql 2019-09-20 2019-09-20
6.5
None Remote Low ??? Partial Partial Partial
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
514 CVE-2015-9398 89 Sql 2019-09-20 2019-09-20
6.5
None Remote Low ??? Partial Partial Partial
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
515 CVE-2015-9395 89 Sql 2019-09-20 2019-09-20
6.5
None Remote Low ??? Partial Partial Partial
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
516 CVE-2015-9353 89 Sql 2019-08-28 2019-09-09
6.5
None Remote Low ??? Partial Partial Partial
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
517 CVE-2015-9352 89 Sql 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The wp-polls plugin before 2.72 for WordPress has SQL injection.
518 CVE-2015-9344 89 Sql 2019-08-27 2019-09-04
7.5
None Remote Low Not required Partial Partial Partial
The link-log plugin before 2.1 for WordPress has SQL injection.
519 CVE-2015-9335 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
520 CVE-2015-9334 89 Sql 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
521 CVE-2015-9333 89 Sql 2019-08-22 2019-09-30
7.5
None Remote Low Not required Partial Partial Partial
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
522 CVE-2015-9330 89 Sql 2019-08-20 2019-08-22
7.5
None Remote Low Not required Partial Partial Partial
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
523 CVE-2015-9326 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
524 CVE-2015-9325 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The visitors-online plugin before 0.4 for WordPress has SQL injection.
525 CVE-2015-9324 89 Sql 2019-08-16 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
526 CVE-2015-9323 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
527 CVE-2015-9316 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
528 CVE-2015-9315 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
529 CVE-2015-9313 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
530 CVE-2015-9310 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
531 CVE-2015-9301 89 Sql 2019-08-13 2019-09-09
7.5
None Remote Low Not required Partial Partial Partial
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
532 CVE-2015-5591 89 Exec Code Sql 2019-12-31 2020-01-06
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands.
533 CVE-2015-4615 89 Sql 2019-02-15 2019-02-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables.
534 CVE-2015-3424 89 Exec Code Sql 2019-12-09 2019-12-11
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
535 CVE-2015-0270 89 Sql 2019-10-25 2019-10-30
7.5
None Remote Low Not required Partial Partial Partial
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has a potential SQL injection in the PostgreSQL Zend\Db adapter.
536 CVE-2014-10387 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
537 CVE-2014-10379 89 Sql 2019-08-21 2019-08-22
7.5
None Remote Low Not required Partial Partial Partial
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
538 CVE-2014-10376 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
539 CVE-2014-7257 89 Sql 2019-12-11 2019-12-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DBD::PgPP 0.05 and earlier.
540 CVE-2013-5743 89 Sql 2019-12-11 2019-12-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
541 CVE-2013-2745 89 Sql 2019-12-04 2019-12-10
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0.
542 CVE-2013-2738 89 Sql 2019-11-01 2019-11-04
7.5
None Remote Low Not required Partial Partial Partial
minidlna has SQL Injection that may allow retrieval of arbitrary files.
543 CVE-2013-2091 89 Exec Code Sql 2019-11-20 2019-11-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
544 CVE-2012-6719 89 Sql 2019-08-28 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
545 CVE-2011-3584 89 Sql 2019-11-26 2019-12-05
7.5
None Remote Low Not required Partial Partial Partial
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
546 CVE-2011-3583 89 Sql 2019-11-26 2019-12-05
7.5
None Remote Low Not required Partial Partial Partial
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
547 CVE-2011-2936 89 Sql 2019-11-12 2019-11-12
7.5
None Remote Low Not required Partial Partial Partial
Elgg through 1.7.10 has a SQL injection vulnerability.
548 CVE-2011-1939 89 Sql 2019-11-26 2019-12-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
549 CVE-2011-1933 89 Sql 2019-11-26 2020-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Jifty::DBI before 0.68.
550 CVE-2010-3662 89 Sql 2019-11-04 2019-11-05
6.5
None Remote Low ??? Partial Partial Partial
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
Total number of vulnerabilities: 551. Page 11 of 12.