Filtered by CWE-89
Total 16368 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-6805 1 S-cms 1 S-cms 2024-11-21 N/A
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
CVE-2019-6798 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 N/A
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
CVE-2019-6708 1 Phpshe 1 Phpshe 2024-11-21 N/A
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
CVE-2019-6707 1 Phpshe 1 Phpshe 2024-11-21 N/A
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
CVE-2019-6691 1 Phpwind 1 Phpwind 2024-11-21 N/A
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.
CVE-2019-6658 1 F5 1 Big-ip Advanced Firewall Manager 2024-11-21 4.3 Medium
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.
CVE-2019-6523 1 Advantech 1 Webaccess\/scada 2024-11-21 N/A
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVE-2019-6506 1 Salesagility 1 Suitecrm 2024-11-21 N/A
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
CVE-2019-6497 1 Hotels Server Project 1 Hotels Server 2024-11-21 N/A
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2019-6491 1 Risi 1 Gestao De Horarios 2024-11-21 N/A
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
CVE-2019-6296 1 Skymoonlabs 1 Cleanto 2024-11-21 N/A
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
CVE-2019-6295 1 Skymoonlabs 1 Cleanto 2024-11-21 N/A
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
CVE-2019-6259 1 Icmsdev 1 Icms 2024-11-21 N/A
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVE-2019-6127 1 Xiaocms 1 Xiaocms 2024-11-21 N/A
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.
CVE-2019-6012 1 Tms-outsource 1 Wpdatatables Lite 2024-11-21 7.2 High
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5996 1 Panasonic 1 Video Insight Vms 2024-11-21 8.8 High
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5991 1 Cybozu 1 Garoon 2024-11-21 7.6 High
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5934 1 Cybozu 1 Garoon 2024-11-21 N/A
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
CVE-2019-5893 1 Nelson-it 1 Open Source Erp 2024-11-21 N/A
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
CVE-2019-5722 1 Portier 1 Portier 2024-11-21 N/A
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.