Total
16292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2024-11-21 | 9.8 Critical |
| The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | ||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13570 | 1 Ajdg | 1 Adrotate | 2024-11-21 | N/A |
| The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. | ||||
| CVE-2019-13569 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2024-11-21 | N/A |
| hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | ||||
| CVE-2019-13489 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | ||||
| CVE-2019-13462 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | N/A |
| Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | ||||
| CVE-2019-13447 | 1 Sertek | 1 Xpare | 2024-11-21 | N/A |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection. | ||||
| CVE-2019-13413 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | 9.8 Critical |
| The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. | ||||
| CVE-2019-13409 | 1 Topmeeting | 1 Topmeeting | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password. | ||||
| CVE-2019-13375 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
| A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | ||||
| CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
| An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | ||||
| CVE-2019-13292 | 1 Weberp | 1 Weberp | 2024-11-21 | N/A |
| A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. | ||||
| CVE-2019-13275 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | N/A |
| An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. | ||||
| CVE-2019-13191 | 1 Mapsolutions | 1 Intramaps | 2024-11-21 | N/A |
| A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | ||||
| CVE-2019-13086 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A |
| core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | ||||
| CVE-2019-13079 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 8.8 High |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. | ||||
| CVE-2019-13078 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 8.8 High |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. | ||||
| CVE-2019-13076 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 8.8 High |
| Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. | ||||