Total
16351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14900 | 3 Hibernate, Quarkus, Redhat | 17 Hibernate Orm, Quarkus, Build Of Quarkus and 14 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. | ||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | ||||
| CVE-2019-14754 | 1 Open-school | 1 Open-school | 2024-11-21 | N/A |
| Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. | ||||
| CVE-2019-14702 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | N/A |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. | ||||
| CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | ||||
| CVE-2019-14529 | 1 Open-emr | 1 Openemr | 2024-11-21 | 9.8 Critical |
| OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | ||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2024-11-21 | N/A |
| plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | ||||
| CVE-2019-14348 | 1 Beardev | 1 Joomsport | 2024-11-21 | N/A |
| The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | ||||
| CVE-2019-14314 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | ||||
| CVE-2019-14313 | 1 10web | 1 Photo Gallery | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | ||||
| CVE-2019-14266 | 1 Opensns | 1 Opensns | 2024-11-21 | N/A |
| OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. | ||||
| CVE-2019-14254 | 1 Publisure | 1 Publisure | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | ||||
| CVE-2019-14234 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 4 Debian Linux, Django, Fedora and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | ||||
| CVE-2019-14231 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | N/A |
| An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | ||||
| CVE-2019-14230 | 1 Onionbuzz | 1 Onionbuzz | 2024-11-21 | N/A |
| An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | ||||
| CVE-2019-13978 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | N/A |
| Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | ||||
| CVE-2019-13969 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | ||||
| CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2024-11-21 | 9.8 Critical |
| In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | ||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | ||||
| CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php | ||||