CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2019-7568 89 Sql 2019-02-07 2019-02-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
302 CVE-2019-7548 89 Sql 2019-02-06 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
303 CVE-2019-7484 89 Sql 2019-12-19 2019-12-31
4.0
None Remote Low ??? Partial None None
Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
304 CVE-2019-7481 89 Sql 2019-12-17 2021-09-14
5.0
None Remote Low Not required Partial None None
A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
305 CVE-2019-7478 89 Sql 2019-12-31 2020-01-09
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
306 CVE-2019-7316 89 Sql 2019-02-04 2020-10-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.
307 CVE-2019-7164 89 Sql 2019-02-20 2021-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
308 CVE-2019-7139 89 Sql 2019-04-10 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
309 CVE-2019-7003 89 Exec Code Sql 2019-07-11 2019-10-09
6.4
None Remote Low Not required Partial Partial None
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
310 CVE-2019-7001 89 Sql 2019-04-04 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.
311 CVE-2019-6805 89 Sql 2019-01-25 2019-01-25
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
312 CVE-2019-6798 89 Sql 2019-01-26 2019-01-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
313 CVE-2019-6708 89 Sql 2019-01-23 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
314 CVE-2019-6707 89 Sql 2019-01-23 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
315 CVE-2019-6691 89 Sql 2019-01-23 2019-01-25
6.5
None Remote Low ??? Partial Partial Partial
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.
316 CVE-2019-6658 89 Sql 2019-11-01 2019-11-05
4.0
None Remote Low ??? Partial None None
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.
317 CVE-2019-6523 89 Sql 2019-02-05 2019-02-06
7.5
None Remote Low Not required Partial Partial Partial
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
318 CVE-2019-6506 89 Sql 2019-04-02 2019-04-17
7.5
None Remote Low Not required Partial Partial Partial
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
319 CVE-2019-6497 89 Sql 2019-01-20 2019-01-23
7.5
None Remote Low Not required Partial Partial Partial
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
320 CVE-2019-6491 89 Sql 2019-03-21 2019-03-25
6.5
None Remote Low ??? Partial Partial Partial
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
321 CVE-2019-6296 89 Sql 2019-01-15 2019-01-18
7.5
None Remote Low Not required Partial Partial Partial
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
322 CVE-2019-6295 89 Sql 2019-01-15 2019-01-18
7.5
None Remote Low Not required Partial Partial Partial
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
323 CVE-2019-6259 89 Sql 2019-01-14 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
324 CVE-2019-6127 89 Exec Code Sql 2019-01-11 2019-01-23
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.
325 CVE-2019-6012 89 Exec Code Sql 2019-12-26 2020-01-03
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
326 CVE-2019-5996 89 Exec Code Sql 2019-09-12 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
327 CVE-2019-5991 89 Exec Code Sql 2019-09-12 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
328 CVE-2019-5934 89 Exec Code Sql 2019-05-17 2019-05-20
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows an attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
329 CVE-2019-5893 89 Sql 2019-01-10 2019-01-17
7.5
None Remote Low Not required Partial Partial Partial
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
330 CVE-2019-5722 89 Sql 2019-03-21 2019-03-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
331 CVE-2019-5720 89 Sql 2019-01-08 2019-01-30
7.5
None Remote Low Not required Partial Partial Partial
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
332 CVE-2019-5715 89 Sql 2019-04-11 2019-04-12
7.5
None Remote Low Not required Partial Partial Partial
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject.
333 CVE-2019-5488 89 Sql 2019-01-07 2019-02-14
5.0
None Remote Low Not required Partial None None
EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.
334 CVE-2019-5476 89 Exec Code Sql 2019-08-07 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.
335 CVE-2019-5454 89 Sql 2019-07-30 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows a local cache to be destroyed when a harmful query is executed, requiring the account to be set up again.
336 CVE-2019-5151 89 DoS Exec Code Sql File Inclusion 2019-10-31 2019-11-04
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.
337 CVE-2019-5150 89 DoS Exec Code Sql File Inclusion 2019-10-31 2019-11-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.
338 CVE-2019-5123 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.
339 CVE-2019-5122 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php.
340 CVE-2019-5121 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php.
341 CVE-2019-5120 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
342 CVE-2019-5119 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
343 CVE-2019-5117 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
344 CVE-2019-5116 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
345 CVE-2019-5114 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
346 CVE-2019-5112 89 Sql 2019-12-03 2019-12-04
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status were confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
347 CVE-2019-5111 89 Sql 2019-12-03 2019-12-04
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat were confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
348 CVE-2019-5110 89 Sql 2019-12-03 2019-12-04
6.5
None Remote Low ??? Partial Partial Partial
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
349 CVE-2019-5109 89 Sql 2019-12-03 2019-12-04
6.5
None Remote Low ??? Partial Partial Partial
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system.
350 CVE-2019-5070 89 Sql 2019-09-05 2019-09-06
6.4
None Remote Low Not required Partial Partial None
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. A specially crafted web request to the login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
Total number of vulnerabilities: 551. Page 7 of 12.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.