CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2019 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
401 | CVE-2018-18018 | 89 | | Sql | 2019-04-15 | 2019-04-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
402 | CVE-2018-17988 | 89 | | Sql | 2019-03-07 | 2021-08-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
403 | CVE-2018-17843 | 89 | | Sql | 2019-05-24 | 2019-05-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
404 | CVE-2018-17842 | 89 | | Sql | 2019-06-19 | 2020-04-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
405 | CVE-2018-17841 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
406 | CVE-2018-17840 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
407 | CVE-2018-17542 | 89 | | Sql | 2019-02-11 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
408 | CVE-2018-17420 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
409 | CVE-2018-17416 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.
410 | CVE-2018-17415 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.
411 | CVE-2018-17414 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.
412 | CVE-2018-17412 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
413 | CVE-2018-17399 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
414 | CVE-2018-17398 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
415 | CVE-2018-17393 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
416 | CVE-2018-17388 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
417 | CVE-2018-17386 | 89 | | Sql | 2019-06-19 | 2019-06-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
418 | CVE-2018-17381 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
419 | CVE-2018-17374 | 89 | | Sql | 2019-06-19 | 2019-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
420 | CVE-2018-17181 | 89 | | Sql | 2019-05-17 | 2019-05-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
421 | CVE-2018-17179 | 89 | | Sql | 2019-05-17 | 2019-05-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
422 | CVE-2018-17048 | 89 | | Sql | 2019-05-16 | 2019-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None
admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection.
423 | CVE-2018-16809 | 89 | | Sql | 2019-03-07 | 2019-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
424 | CVE-2018-16803 | 89 | | Exec Code Sql | 2019-01-10 | 2020-01-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.
425 | CVE-2018-16251 | 89 | | Sql | 2019-06-20 | 2019-06-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters.
426 | CVE-2018-16188 | 89 | | Exec Code Sql | 2019-01-09 | 2019-02-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
427 | CVE-2018-16175 | 89 | | Exec Code Sql | 2019-01-09 | 2019-01-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
428 | CVE-2018-16137 | 89 | | Sql | 2019-05-13 | 2019-05-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections.
429 | CVE-2018-16116 | 89 | | Exec Code Sql | 2019-06-20 | 2019-06-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
430 | CVE-2018-15892 | 89 | | Sql | 2019-06-20 | 2019-06-24 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
431 | CVE-2018-15868 | 89 | | Exec Code Sql | 2019-06-21 | 2019-06-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.
432 | CVE-2018-14874 | 89 | | Sql | 2019-04-30 | 2019-05-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.
433 | CVE-2018-13792 | 89 | | Exec Code Sql | 2019-02-10 | 2020-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
434 | CVE-2018-13442 | 89 | | Sql | 2019-07-16 | 2019-07-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
435 | CVE-2018-13045 | 89 | | Exec Code Sql | 2019-01-02 | 2019-01-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
436 | CVE-2018-12295 | 89 | | Exec Code Sql | 2019-05-13 | 2019-05-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
437 | CVE-2018-12250 | 89 | | Sql | 2019-07-03 | 2019-07-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.
438 | CVE-2018-11801 | 89 | | Exec Code Sql | 2019-06-11 | 2019-06-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
439 | CVE-2018-11800 | 89 | | Exec Code Sql | 2019-06-11 | 2019-06-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
440 | CVE-2018-11774 | 89 | | Sql | 2019-07-29 | 2019-08-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.
441 | CVE-2018-11772 | 89 | | +Priv Sql | 2019-07-29 | 2019-08-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.
442 | CVE-2018-7841 | 89 | | Exec Code Sql | 2019-05-22 | 2019-05-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
443 | CVE-2018-7282 | 89 | | Sql | 2019-12-06 | 2019-12-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.
444 | CVE-2018-6330 | 89 | | Sql | 2019-03-28 | 2019-03-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
445 | CVE-2018-5404 | 89 | | Sql +Info | 2019-06-03 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
446 | CVE-2018-4056 | 89 | | Sql Bypass | 2019-02-05 | 2019-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
447 | CVE-2018-1994 | 89 | | Sql | 2019-04-10 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
448 | CVE-2017-18614 | 89 | | Sql | 2019-09-13 | 2019-09-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
449 | CVE-2017-18602 | 89 | | Sql | 2019-09-10 | 2019-09-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
450 | CVE-2017-18597 | 89 | | Sql | 2019-09-10 | 2019-09-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
Total number of vulnerabilities: 551 (this is page 9 of 12)