Total
16279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | ||||
| CVE-2019-12599 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | ||||
| CVE-2019-12598 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | ||||
| CVE-2019-12570 | 1 Xpertsol | 1 Server Status By Hostname\/ip | 2024-11-21 | N/A |
| A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters. | ||||
| CVE-2019-12516 | 1 Slickquiz Project | 1 Slickquiz | 2024-11-21 | 8.8 High |
| The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. | ||||
| CVE-2019-12465 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.1 High |
| An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. | ||||
| CVE-2019-12385 | 1 Ampache | 1 Ampache | 2024-11-21 | N/A |
| An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality. | ||||
| CVE-2019-12374 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | ||||
| CVE-2019-12372 | 1 Petraware | 1 Ptransformer Adc | 2024-11-21 | N/A |
| Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. | ||||
| CVE-2019-12359 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12358 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. | ||||
| CVE-2019-12357 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12356 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. | ||||
| CVE-2019-12355 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. | ||||
| CVE-2019-12354 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12353 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12352 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. | ||||
| CVE-2019-12351 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | ||||
| CVE-2019-12350 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | ||||
| CVE-2019-12349 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | ||||