CWE:
 

Title
Date
Author
Med.
Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection
04.12.2019
hyp3rlinx
Med.
Computrols CBAS-Web 19.0.0 Blind SQL Injection
13.11.2019
LiquidWorm
Med.
SD.NET RIM 4.7.3c SQL Injection
06.11.2019
Fabian Mosch
Med.
thejshen Globitek CMS 1.4 SQL Injection
06.11.2019
Cakes
Med.
html5_snmp 1.11 SQL Injection
06.11.2019
Cakes
Med.
TheJshen contentManagementSystem 1.04 SQL Injection
03.11.2019
Cakes
Med.
WordPress Google Review Slider 6.1 SQL Injection
01.11.2019
Princy Edward
Med.
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection
29.10.2019
Cakes
Med.
delpino73 Blue-Smiley-Organizer 1.32 SQL Injection
29.10.2019
Cakes
Med.
AUO SunVeillance Monitoring System 1.1.9e SQL Injection
26.10.2019
Luca.Chiou
Med.
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF
19.10.2019
Aaron Bishop
Med.
FFTC Agricultural Policy Articles SQLi
16.10.2019
Ali Abdollahi
Med.
Garuda Media SQL injection
15.10.2019
5TUP1D-BOY
Med.
BelajarBro SQL injection
15.10.2019
5TUP1D-BOY
Med.
UniSystems mfmcsmcategory Com_Statistic Greece SQL Injection
15.10.2019
KingSkrupellos
Med.
Reklamos Paslaugos InterLogo.lt SQL Injection
15.10.2019
KingSkrupellos
Med.
SNAPY SQL INJECTION
13.10.2019
5TUP1D-BOY
Med.
Joomla 1.5.15 Cactus 1.2.0 SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla Vemod News Mailer 1.0 SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla MisterEstate 1.5.26 SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla 1.5.26 Google Maps 1.0.4 SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla MediaLibrary 1.5.26 SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla 1.5.26 Mad4Joomla 1.1.x SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla SwPhotoGallery 1.5.26 SQL Injection
12.10.2019
KingSkrupellos
Med.
Joomla Sumoku 3.9.8 SQL Injection
12.10.2019
KingSkrupellos
Med.
Project By BehaveAdv.it SQL Injection
11.10.2019
KingSkrupellos
Med.
Credits DWD Web Agency XSS SQL Injection
11.10.2019
KingSkrupellos
Med.
Moduliti Creation De Site İnternet Professionnel XSS SQL Injection
11.10.2019
KingSkrupellos
Med.
Mauro Boldrini Editore SportWebSRL SQL Injection
11.10.2019
KingSkrupellos
Med.
Original WebDesign By B2H WebMastering Marco R. Capelli SQL Injection
11.10.2019
KingSkrupellos
Med.
Servizi Multimediali SQL Injection
11.10.2019
KingSkrupellos
Med.
Diseno y Desarrollo Servicios para Empresarios XSS SQL Injection
11.10.2019
KingSkrupellos
Med.
France Petites Cites Caractere des Pays de la Loire XSS SQL Injection
11.10.2019
KingSkrupellos
Med.
MotionDesign WebHosting Portugal XSS SQL Injection
09.10.2019
KingSkrupellos
Med.
8Volante Siti İnternet Brescia SQL Injection
09.10.2019
KingSkrupellos
Med.
Library of China Science and Technology University SQL Injection
09.10.2019
KingSkrupellos
Med.
Realizzato da CityNetGroup SQL Injection
09.10.2019
KingSkrupellos
Med.
Realisation Pascale Moise XSS SQL Injection
09.10.2019
KingSkrupellos
Med.
Acktel Creavite Web Solutions XSS SQL Injection
09.10.2019
KingSkrupellos
Med.
TamTamSRL Agenzia Pubblicitaria Catania WebDesign XSS SQL Injection
08.10.2019
KingSkrupellos
Med.
vBulletin 5.5.4 SQL Injection
08.10.2019
EgiX
Med.
Realizzato da MDAWeb MDA Informatica ItalyGov XSS SQL Injection
07.10.2019
KingSkrupellos
Med.
Thailand Union Library Management 6.2 XSS SQL Injection
07.10.2019
KingSkrupellos
Med.
Sponsored By Norway Developed By Neocom Macedonia SQL Injection
07.10.2019
KingSkrupellos
Med.
Croft Institute for International Studies University of Mississippi SQL Injection
07.10.2019
KingSkrupellos
Med.
TharrosNet Italy Web Agency SQL Injection
07.10.2019
KingSkrupellos
Med.
LabCollector 5.423 SQL Injection
04.10.2019
Carlos Avila
Med.
Detrix EDMS 1.2.3.1505 SQL Injection
03.10.2019
Burov Konstantin
Med.
citecodecrashers Pic-A-Point 1.1 SQL Injection
29.09.2019
Cakes
Med.
eBrigade SQL Injection
27.09.2019
David Haintz
Med.
inoERP 4.15 SQL Injection
27.09.2019
Semen Alexandrovich Ly...
High
Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution
24.09.2019
James Bercegay
Med.
DIGIT CENTRIS 4 ERP SQL Injection
20.09.2019
n1x_
Med.
Hospital-Management 1.26 SQL Injection
19.09.2019
Cakes
Med.
CollegeManagementSystem-CMS 1.3 batch SQL Injection
17.09.2019
Cakes
Med.
Cabrera Propiedades (Blind SQL Injection)
15.09.2019
intrackeable
Med.
WordPress Plugin Photo Gallery 1.5.34 SQL Injection
14.09.2019
MTK
Med.
Laprida Gobierno Municipal (SQL Injection)
13.09.2019
intrackeable
Med.
Dolibarr ERP-CRM 10.0.1 SQL Injection
10.09.2019
Metin Yunus Kandemir
Med.
Selio - Real Estate Directory SQL Injection & Persistent XSS
09.09.2019
SubversA
Med.
Enigma NMS 65.0.0 SQL Injection
09.09.2019
Mark Cross
Med.
Nexos - Real Estate WordPress Theme SQL Injection & Persistent XSS
08.09.2019
SubversA
Med.
HarmanYayıncılık SQL Injection
01.09.2019
KingSkrupellos
Med.
Skabu Tverrbygda Espedalenil Steil.No SQL Injection
01.09.2019
KingSkrupellos
Med.
Coelmo Generating Sets Company XSS SQL Injection
01.09.2019
KingSkrupellos
Med.
Joomla 2.5.28 Com_JomEstate Real Estate Components 4.1 SQL Injection
30.08.2019
KingSkrupellos
Med.
X-Cart DesignHouse MonarchDigitalMedia MagicAngel SQL Injection
29.08.2019
KingSkrupellos
Med.
Joomla 1.0.15 Easy GuestBook Com_EasyGB Components 1.0 SQL Injection
29.08.2019
KingSkrupellos
Med.
PicoTwist XSS SQL Injection
29.08.2019
KingSkrupellos
Med.
Mockup Studio Agencia Digital Mexico XSS SQL Injection
29.08.2019
KingSkrupellos
Med.
AsilNet Web Design SQL Injection
29.08.2019
KingSkrupellos
Med.
Jobberbase 2.0 CMS jobs-in SQL Injection
28.08.2019
Naren Jangra
Med.
Plexo Torresoft Alex Torres Software 2.0 XSS SQL Injection
26.08.2019
KingSkrupellos
Med.
Nova Systems Software Logistica GhidoProduction SQL Injection
25.08.2019
KingSkrupellos
Med.
Joomla 1.5.26 Com_AlphaContent Components 3.x SQL Injection
25.08.2019
KingSkrupellos
Med.
Joomla 1.5.26 Com_EstateAgent Components 3.x SQL Injection
25.08.2019
KingSkrupellos
Med.
Joomla 1.5.26 Com_OrgChart Components 1.0.0 XSS SQL Injection
25.08.2019
KingSkrupellos
Med.
Joomla 1.5.26 Com_FireBoard Components 1.1.3 SQL Injection
25.08.2019
KingSkrupellos
Med.
Sercop Via dei Cornaggia XSS SQL Injection
25.08.2019
KingSkrupellos
Med.
Mambo Miro International Infoerbe XSS SQL Injection
25.08.2019
KingSkrupellos
Med.
PSPCommunication Caldaie D'Alessandro Com_Comnetwork XSS SQL Injection
25.08.2019
KingSkrupellos
Med.
Realschule Niederpleis Sankt Augustin SQL Injection
23.08.2019
KingSkrupellos
Med.
Phenodata University of Southampton High Energy Physics Database SQL Injection
23.08.2019
KingSkrupellos
Med.
OneSource Consultoria Informatica Coimbra Portugal XSS SQL Injection
22.08.2019
KingSkrupellos
Med.
Acquario di Cala Gonone L'Acquario della Sardegna Italia SQL Injection
22.08.2019
KingSkrupellos
Med.
Weingut Oskar und Doris Bastian Brauneberg Germany XSS SQL Injection
22.08.2019
KingSkrupellos
Med.
Wikindx 5.8.2 Virtual Research Environment Library Manager SQL Injection
22.08.2019
KingSkrupellos
Med.
MDMarine Insurance Agent Orillia Canada XSS SQL Injection
22.08.2019
KingSkrupellos
Med.
Desarrollado por eMasters Constultores Internet Technology XSS SQL Injection
22.08.2019
KingSkrupellos
Low
Burlington Soccer League XSS SQL Injection
22.08.2019
KingSkrupellos
Med.
Universite de Moncton Edmunston Shippagan Canada SQL Injection
22.08.2019
KingSkrupellos
Med.
Optronics Fibra Optica eCommerce Mexico XSS SQL Injection
22.08.2019
KingSkrupellos
Med.
KBPublisher 6.0.2.1 SQL Injection
22.08.2019
Pedro Andujar
Med.
Produzione Izdelava MMvisual SQL Injection
22.08.2019
KingSkrupellos
Med.
Systeme De Gestion Du Site CMS Realise Par ANG-Web SQL Injection
21.08.2019
KingSkrupellos
Med.
Fragolan Linking People D-Gen CMS SQL Injection
21.08.2019
KingSkrupellos
Med.
Italian Institute for Genomic Medicine IIGM SQL Injection
20.08.2019
KingSkrupellos
Med.
Associazione LignanoNelTerzoMillennio SQL Injection
20.08.2019
KingSkrupellos
Med.
AutoDromoRiccardoPalettiVaranodeMelegari SQL Injection
20.08.2019
KingSkrupellos
Med.
YouPHPTube 7.2 userCreate.json.php SQL Injection
20.08.2019
Fabian Mosch


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-12-04
Medium
CVE-2013-2745

Vendor: Minidlna project
Software: Minidlna
 

 
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

 
2019-12-03
Medium
CVE-2019-5109

Vendor: Formalms
Software: Formalms
 

 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

 
Medium
CVE-2019-5110

Vendor: Formalms
Software: Formalms
 

 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

 
Medium
CVE-2019-5111

Vendor: Formalms
Software: Formalms
 

 
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

 
Medium
CVE-2019-5112

Vendor: Formalms
Software: Formalms
 

 
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

 
2019-12-02
Medium
CVE-2019-19016

Vendor: Titanhq
Software: Webtitan
 

 
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.

 
2019-11-27
Medium
CVE-2019-15300

Vendor: Centreon
Software: Centreon web
 

 
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.

 
2019-11-26
Medium
CVE-2011-1933

Vendor: Jifty\
Software: \
 

 
SQL injection vulnerability in Jifty::DBI before 0.68.

 
Medium
CVE-2011-1939

Vendor: ZEND
Software: Zend framework
 

 
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.

 
Medium
CVE-2011-3583

Vendor: Typo3
Software: Typo3
 

 
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

 

 


Copyright 2019, cxsecurity.com

 
