There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
Max CVSS
7.2
EPSS Score
0.88%
Published
2018-12-03
Updated
2018-12-27
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
Max CVSS
7.5
EPSS Score
0.39%
Published
2018-12-28
Updated
2019-01-30
HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-12-20
Updated
2019-01-07
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-12-20
Updated
2019-01-08
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
Max CVSS
8.8
EPSS Score
0.12%
Published
2018-12-20
Updated
2019-01-07
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-08-20
Updated
2018-10-12
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.
Max CVSS
8.8
EPSS Score
0.08%
Published
2018-08-20
Updated
2018-10-16
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-12-28
Updated
2019-01-11
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
Max CVSS
7.2
EPSS Score
0.11%
Published
2018-12-28
Updated
2019-01-11
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-06-26
Updated
2018-08-20
Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-06-26
Updated
2018-08-17
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-03-14
Updated
2018-04-13
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.
Max CVSS
9.8
EPSS Score
0.19%
Published
2018-02-09
Updated
2018-02-28
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-12-28
Updated
2019-01-09
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
Max CVSS
9.8
EPSS Score
0.13%
Published
2018-12-28
Updated
2019-01-10
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
Max CVSS
9.8
EPSS Score
0.13%
Published
2018-12-28
Updated
2019-01-28
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-12-27
Updated
2019-01-08
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-12-26
Updated
2018-12-31
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-12-26
Updated
2018-12-31
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-12-26
Updated
2018-12-30
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Max CVSS
9.8
EPSS Score
2.89%
Published
2018-12-21
Updated
2021-05-04
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
Max CVSS
8.1
EPSS Score
0.06%
Published
2018-12-21
Updated
2019-01-07
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
Max CVSS
9.8
EPSS Score
1.83%
Published
2018-12-17
Updated
2021-05-04
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call.
Max CVSS
7.5
EPSS Score
0.12%
Published
2018-12-11
Updated
2019-01-02
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
Max CVSS
7.5
EPSS Score
0.22%
Published
2018-12-10
Updated
2018-12-30
504 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!