CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2019 (SQL Injection)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-15563 89 Sql 2019-08-26 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
102 CVE-2019-15562 89 Sql Bypass 2019-08-26 2021-03-30
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm.
103 CVE-2019-15561 89 Sql 2019-08-26 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.
104 CVE-2019-15560 89 Sql 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
105 CVE-2019-15559 89 Sql 2019-08-26 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
DianoxDragon Hawn before 2019-07-10 allows SQL injection.
106 CVE-2019-15558 89 Sql 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
107 CVE-2019-15557 89 Sql 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
108 CVE-2019-15556 89 Sql 2019-08-26 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.
109 CVE-2019-15555 89 Sql 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
110 CVE-2019-15537 89 Sql 2019-08-23 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
111 CVE-2019-15536 89 Sql 2019-08-23 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
112 CVE-2019-15535 89 Sql 2019-08-23 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
113 CVE-2019-15534 89 Sql 2019-08-26 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
114 CVE-2019-15533 89 Sql 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.
115 CVE-2019-15301 89 Exec Code Sql 2019-09-18 2019-09-19
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
116 CVE-2019-15300 89 Sql 2019-11-27 2019-12-09
6.5
None Remote Low ??? Partial Partial Partial
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
117 CVE-2019-15105 89 Sql 2019-08-16 2019-08-26
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
118 CVE-2019-15104 89 Sql 2019-08-16 2019-08-26
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
119 CVE-2019-15025 89 Sql 2019-08-14 2019-08-20
7.5
None Remote Low Not required Partial Partial Partial
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
120 CVE-2019-15016 89 Sql 2019-10-09 2020-02-17
6.5
None Remote Low ??? Partial Partial Partial
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.
121 CVE-2019-14968 89 Sql 2019-08-12 2019-08-15
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
122 CVE-2019-14966 89 Sql 2019-08-12 2019-08-16
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
123 CVE-2019-14937 89 Sql 2019-08-17 2019-08-27
6.0
None Remote Medium ??? Partial Partial Partial
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
124 CVE-2019-14801 89 Sql 2019-08-09 2019-08-14
7.5
None Remote Low Not required Partial Partial Partial
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
125 CVE-2019-14754 89 Sql 2019-08-08 2019-08-14
7.5
None Remote Low Not required Partial Partial Partial
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
126 CVE-2019-14702 89 Sql 2019-08-06 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.
127 CVE-2019-14695 89 Exec Code Sql 2019-08-06 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled.
128 CVE-2019-14529 89 Sql 2019-08-02 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
129 CVE-2019-14430 89 Sql 2019-08-20 2019-08-26
5.0
None Remote Low Not required Partial None None
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
130 CVE-2019-14348 89 Sql 2019-08-05 2019-08-09
7.5
None Remote Low Not required Partial Partial Partial
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
131 CVE-2019-14314 89 Exec Code Sql 2019-08-27 2019-12-16
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.
132 CVE-2019-14313 89 Exec Code Sql 2019-07-30 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
133 CVE-2019-14266 89 Sql 2019-07-25 2019-07-29
6.5
None Remote Low ??? Partial Partial Partial
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php.
134 CVE-2019-14254 89 Sql 2019-09-18 2019-09-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example).
135 CVE-2019-14234 89 Sql 2019-08-09 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
136 CVE-2019-14231 89 Exec Code Sql 2019-07-21 2019-07-23
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.
137 CVE-2019-14230 89 Exec Code Sql 2019-07-21 2019-07-23
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.
138 CVE-2019-13978 89 Sql 2019-07-19 2019-07-27
6.5
None Remote Low ??? Partial Partial Partial
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
139 CVE-2019-13969 89 Sql 2019-07-19 2019-07-19
6.5
None Remote Low ??? Partial Partial Partial
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
140 CVE-2019-13957 89 Sql 2019-10-02 2019-10-04
7.5
None Remote Low Not required Partial Partial Partial
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
141 CVE-2019-13578 89 Exec Code Sql 2019-08-15 2019-08-22
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
142 CVE-2019-13575 89 Exec Code Sql 2019-07-18 2019-07-19
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php.
143 CVE-2019-13573 89 Exec Code Sql 2019-07-17 2019-07-31
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
144 CVE-2019-13572 89 Sql 2019-08-01 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
145 CVE-2019-13571 89 Exec Code Sql 2019-07-29 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
146 CVE-2019-13570 89 Sql 2019-07-23 2019-07-31
6.5
None Remote Low ??? Partial Partial Partial
The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
147 CVE-2019-13569 89 Exec Code Sql 2019-07-19 2019-07-31
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
148 CVE-2019-13507 89 Sql 2019-07-11 2019-07-14
7.5
None Remote Low Not required Partial Partial Partial
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
149 CVE-2019-13489 89 Sql 2019-07-10 2019-07-14
7.5
None Remote Low Not required Partial Partial Partial
Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.
150 CVE-2019-13462 89 Sql 2019-08-12 2019-08-15
6.4
None Remote Low Not required Partial Partial None
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
Total number of vulnerabilities: 551 (this is page 3 of 12)