CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2019(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2019-12149 89 Exec Code Sql 2019-06-11 2019-06-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.
202 CVE-2019-11984 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
203 CVE-2019-11979 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
204 CVE-2019-11978 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
205 CVE-2019-11977 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
206 CVE-2019-11976 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
207 CVE-2019-11975 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
208 CVE-2019-11974 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
209 CVE-2019-11973 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
210 CVE-2019-11972 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
211 CVE-2019-11971 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
212 CVE-2019-11970 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
213 CVE-2019-11880 89 Sql 2019-05-22 2019-05-23
5.0
None Remote Low Not required Partial None None
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2.
214 CVE-2019-11821 89 Exec Code Sql 2019-06-30 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
215 CVE-2019-11768 89 Sql 2019-06-05 2019-06-14
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
216 CVE-2019-11678 89 Sql 2019-05-02 2019-05-03
7.5
None Remote Low Not required Partial Partial Partial
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
217 CVE-2019-11625 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information.
218 CVE-2019-11623 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information.
219 CVE-2019-11622 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre.
220 CVE-2019-11621 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information.
221 CVE-2019-11620 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre.
222 CVE-2019-11619 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information.
223 CVE-2019-11614 89 Sql +Info 2019-04-30 2019-05-01
5.0
None Remote Low Not required Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information.
224 CVE-2019-11613 89 Sql +Info 2019-04-30 2019-05-01
4.0
None Remote Low ??? Partial None None
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information.
225 CVE-2019-11600 89 Exec Code Sql 2019-05-13 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
226 CVE-2019-11567 89 Sql 2019-04-27 2019-04-29
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.
227 CVE-2019-11518 89 Sql 2019-04-25 2019-04-27
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete.
228 CVE-2019-11512 89 Sql 2019-07-09 2019-07-10
7.5
None Remote Low Not required Partial Partial Partial
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.
229 CVE-2019-11469 89 Sql 2019-04-23 2019-04-26
10.0
None Remote Low Not required Complete Complete Complete
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
230 CVE-2019-11452 89 Sql 2019-04-22 2019-04-22
6.5
None Remote Low ??? Partial Partial Partial
whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection.
231 CVE-2019-11451 89 Sql 2019-04-22 2019-04-22
6.5
None Remote Low ??? Partial Partial Partial
whatsns 4.0 allows index.php?inform/add.html qid SQL injection.
232 CVE-2019-11450 89 Sql 2019-04-22 2019-04-22
7.5
None Remote Low Not required Partial Partial Partial
whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.
233 CVE-2019-11448 89 Sql 2019-04-22 2019-05-06
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
234 CVE-2019-11363 89 Exec Code Sql 2019-08-29 2019-09-03
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.
235 CVE-2019-11362 89 Sql 2019-04-20 2019-04-22
7.5
None Remote Low Not required Partial Partial Partial
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.
236 CVE-2019-11196 89 +Priv Sql Bypass 2019-04-12 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).
237 CVE-2019-11057 89 Exec Code Sql 2019-05-17 2020-11-10
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
238 CVE-2019-10916 89 Sql 2019-05-14 2021-10-28
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
239 CVE-2019-10913 79 Sql XSS 2019-05-16 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.
240 CVE-2019-10910 89 Exec Code Sql 2019-05-16 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
241 CVE-2019-10866 89 Sql 2019-05-23 2019-08-03
7.5
None Remote Low Not required Partial Partial Partial
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
242 CVE-2019-10852 89 Sql 2019-05-23 2019-11-12
6.5
None Remote Low ??? Partial Partial Partial
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
243 CVE-2019-10766 89 Sql 2019-11-19 2019-11-20
7.5
None Remote Low Not required Partial Partial Partial
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.
244 CVE-2019-10763 89 Sql 2019-11-18 2020-03-18
4.0
None Remote Low ??? Partial None None
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection.
245 CVE-2019-10762 89 Sql 2019-10-30 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.
246 CVE-2019-10757 89 Sql 2019-10-08 2019-10-15
7.5
None Remote Low Not required Partial Partial Partial
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
247 CVE-2019-10752 89 Sql 2019-10-17 2019-10-21
7.5
None Remote Low Not required Partial Partial Partial
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
248 CVE-2019-10749 89 Sql 2019-10-29 2019-10-31
7.5
None Remote Low Not required Partial Partial Partial
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
249 CVE-2019-10748 89 Sql 2019-10-29 2019-10-31
7.5
None Remote Low Not required Partial Partial Partial
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.
250 CVE-2019-10708 89 Sql 2019-04-02 2019-04-03
7.5
None Remote Low Not required Partial Partial Partial
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
Total number of vulnerabilities : 551   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.