Total
16361 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19876 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 9.8 Critical |
| An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. | ||||
| CVE-2019-19850 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.2 High |
| An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. | ||||
| CVE-2019-19846 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. | ||||
| CVE-2019-19740 | 1 Octeth | 1 Oempro | 2024-11-21 | 9.8 Critical |
| Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | ||||
| CVE-2019-19734 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||
| CVE-2019-19732 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.2 High |
| translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||
| CVE-2019-19650 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | ||||
| CVE-2019-19649 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | ||||
| CVE-2019-19608 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | ||||
| CVE-2019-19607 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | ||||
| CVE-2019-19499 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | ||||
| CVE-2019-19292 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. | ||||
| CVE-2019-19286 | 1 Siemens | 1 Xhq | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. | ||||
| CVE-2019-19250 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 9.8 Critical |
| OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. | ||||
| CVE-2019-19242 | 5 Canonical, Oracle, Redhat and 2 more | 5 Ubuntu Linux, Mysql Workbench, Enterprise Linux and 2 more | 2024-11-21 | 5.9 Medium |
| SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | ||||
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 High |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | ||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | ||||
| CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
| main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | ||||
| CVE-2019-19094 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 7.6 High |
| Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. | ||||
| CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 7.2 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | ||||