Security Vulnerabilities, CVEs, Published In January 2019 (Sql injection)

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.

PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.

phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.

Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.

Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.

Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.

An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.

includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.

EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java), where courseFavoritesService.deleteCourseFavoritesById is mishandled during use of MyBatis. NOTE: UserController.java has a spelling variation in an annotation: a @RequestMapping("/deleteFaveorite/{ids}") line followed by a "public ModelAndView deleteFavorite" line.

Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.

In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.

In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.