CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-89

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-6581 89 Sql 2018-02-02 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
2 CVE-2018-6579 89 Sql 2018-02-02 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
3 CVE-2018-6578 89 Sql 2018-02-02 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
4 CVE-2018-6577 89 Sql 2018-02-02 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
5 CVE-2018-6576 89 Sql 2018-02-02 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
6 CVE-2018-6575 89 Sql 2018-02-02 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
7 CVE-2018-6398 89 Sql 2018-01-30 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
8 CVE-2018-6395 89 Sql 2018-01-30 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
9 CVE-2018-6393 89 Sql 2018-01-29 2018-02-15
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
10 CVE-2018-6382 89 Sql 2018-01-30 2018-02-15
4.6
None Local Low Not required Partial Partial Partial
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address,
11 CVE-2018-6376 89 Sql 2018-01-30 2018-02-13
7.5
None Remote Low Not required Partial Partial Partial
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
12 CVE-2018-6367 89 Sql 2018-01-29 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
13 CVE-2018-6365 89 Sql 2018-01-29 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
14 CVE-2018-6364 89 Sql 2018-01-29 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
15 CVE-2018-6363 89 Sql 2018-01-29 2018-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
16 CVE-2018-6308 89 Sql 2018-01-25 2018-02-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.
17 CVE-2018-5988 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
18 CVE-2018-5986 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
19 CVE-2018-5985 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
20 CVE-2018-5984 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
21 CVE-2018-5979 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
22 CVE-2018-5978 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
23 CVE-2018-5977 89 Sql 2018-01-24 2018-02-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
24 CVE-2018-5973 89 Sql 2018-01-25 2018-02-09
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
25 CVE-2018-5972 89 Sql 2018-01-24 2018-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
26 CVE-2018-5960 89 Sql 2018-01-21 2018-02-12
6.5
None Remote Low Single system Partial Partial Partial
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
27 CVE-2018-5778 89 Exec Code Sql 2018-01-24 2018-02-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2018-5697 89 Sql 2018-01-13 2018-02-01
6.5
None Remote Low Single system Partial Partial Partial
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.
29 CVE-2018-5696 89 Sql 2018-01-13 2018-02-01
7.5
None Remote Low Not required Partial Partial Partial
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
30 CVE-2018-5695 89 Sql 2018-01-13 2018-02-01
6.5
None Remote Low Single system Partial Partial Partial
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.
31 CVE-2018-5443 89 Sql 2018-01-24 2018-02-09
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
32 CVE-2018-5374 89 Sql 2018-01-12 2018-01-24
6.5
None Remote Low Single system Partial Partial Partial
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
33 CVE-2018-5373 89 Sql 2018-01-12 2018-01-24
6.5
None Remote Low Single system Partial Partial Partial
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
34 CVE-2018-5372 89 Sql 2018-01-12 2018-01-24
6.5
None Remote Low Single system Partial Partial Partial
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
35 CVE-2018-5315 89 Sql 2018-01-12 2018-01-29
7.5
None Remote Low Not required Partial Partial Partial
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
36 CVE-2018-5211 89 Sql 2018-01-09 2018-01-31
7.5
None Remote Low Not required Partial Partial Partial
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
37 CVE-2018-3811 89 Exec Code Sql 2018-01-01 2018-01-16
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
38 CVE-2017-1002028 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
39 CVE-2017-1002027 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
40 CVE-2017-1002026 89 Sql 2017-09-14 2017-09-20
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
41 CVE-2017-1002025 89 Sql 2017-09-14 2017-09-21
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
42 CVE-2017-1002023 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
43 CVE-2017-1002022 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
44 CVE-2017-1002021 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
45 CVE-2017-1002020 89 Sql 2017-09-14 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
46 CVE-2017-1002019 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
47 CVE-2017-1002018 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
48 CVE-2017-1002015 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
49 CVE-2017-1002014 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
50 CVE-2017-1002013 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
Total number of vulnerabilities : 4802   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.