CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | eLection 2.0 id SQL Injection | 27.02.2020 | J3rryBl4nks |
| Med. | eLection 2.0 SQL Injection | 24.02.2020 | J3rryBl4nks |
| Med. | ATutor 2.2.4 SQL Injection | 24.02.2020 | Andrey Stoykov |
| Med. | SOPlanning 1.45 users SQL Injection | 17.02.2020 | J3rryBl4nks, Homebrewe... |
| Med. | phpMyChat Plus 1.98 SQL Injection | 15.02.2020 | J3rryBl4nks |
| Med. | PackWeb Formap E-learning 1.0 SQL Injection | 11.02.2020 | Amel Bouziane-Leblond |
| Med. | QuickDate 1.3.2 SQL Injection | 11.02.2020 | Ihsan Sencan |
| Med. | TicketAgenten Germany XSS SQL Injection | 31.01.2020 | KingSkrupellos |
| Med. | Daiwa-Cormoran Sportartikel-Vertrieb GmbH XSS SQL Injection | 31.01.2020 | KingSkrupellos |
| Med. | DTMobilien GmBH Credit Agency XSS SQL Injection | 31.01.2020 | KingSkrupellos |
| Med. | BimBamBanana Gadgets Online Shopping XSS SQL Injection | 31.01.2020 | KingSkrupellos |
| Med. | Ozeki Messaging Software Products Hungary XSS SQL Injection | 31.01.2020 | KingSkrupellos |
| Med. | Antikvariat-Susice XSS SQL Injection | 31.01.2020 | KingSkrupellos |
| Med. | Rukovoditel Project Management CRM 2.5.2 filters SQL Injection | 30.01.2020 | Fatih Çelik |
| Med. | Octeth Oempro 4.8 SQL Injection | 30.01.2020 | Bruno de Barros Bulle |
| Med. | Webtareas 2.0 SQL Injection | 25.01.2020 | Greg Priest |
| Med. | JamJam Informationssysteme Böblingen Voegele-Reisen XSS SQL Injection | 24.01.2020 | KingSkrupellos |
| Med. | Stempel-Bestellen OnlineShop Deutschland SQL Injection | 23.01.2020 | KingSkrupellos |
| Med. | Kuenstlernachlaesse-Mannheim XSS SQL Injection | 23.01.2020 | KingSkrupellos |
| Med. | Shopsystem WebanOS SQL Injection | 23.01.2020 | KingSkrupellos |
| Med. | NitroPowered WebGallery SQL Injection | 23.01.2020 | KingSkrupellos |
| Med. | Guangzhou China Enonomic Bidding Co Ltd XSS SQL Injection | 23.01.2020 | KingSkrupellos |
| Med. | Spvgg Oedheim SportVerein SQL Injection | 23.01.2020 | KingSkrupellos |
| Med. | ECTouch ECShop v2.7.3 SQL Injection | 22.01.2020 | KingSkrupellos |
| Med. | WordPress WP Fanzone 3.1 SQL Injection | 22.01.2020 | KingSkrupellos |
| Med. | Balikesir Üniversitesi SQL İnjection | 22.01.2020 | Furkan Özer |
| Med. | Hong Kong Government Public Libraries SQL Injection | 21.01.2020 | KingSkrupellos |
| Med. | EuroTur Travel Agency Argentina XSS SQL Injection | 21.01.2020 | KingSkrupellos |
| Med. | Jakob Carlsen Tilde XSS SQL Injection | 21.01.2020 | KingSkrupellos |
| Med. | Built with WordPress and WP FanZone Themes 3.1 SQL Injection | 21.01.2020 | KingSkrupellos |
| Med. | DiscoWorld Electronics Store Denmark SQL Injection | 21.01.2020 | KingSkrupellos |
| Med. | Fjerne Naboer Administreres Af Spor Media XSS SQL Injection | 21.01.2020 | KingSkrupellos |
| Med. | İstanbul Technical University Ottoman Architecture Texts Archives SQL Injection | 20.01.2020 | KingSkrupellos |
| Med. | Powered by myIT-School Education System HongKong XSS SQL Injection | 20.01.2020 | KingSkrupellos |
| Med. | ATS4 Internetowy System Planowia Zajec SQL Injection | 19.01.2020 | KingSkrupellos |
| Med. | National Cheng Kung University Computer and Internet Architecture Laboratory XSS SQL Injection | 19.01.2020 | KingSkrupellos |
| Med. | Cankırı Belediyesi SQL İnjection | 14.01.2020 | Furkan Özer |
| Med. | MD-WEBMARKETING - SQL Injection vulnerability | 12.01.2020 | Unkn0wn |
| Med. | Bilkent University Communications Theory and Applications Research SQL Injection | 12.01.2020 | Furkan Özer |
| Med. | Hostel Management System 2.0 id SQL Injection | 11.01.2020 | FULLSHADE |
| Med. | Campus De La Rivera Argentina SQL Injection | 10.01.2020 | KingSkrupellos |
| Med. | Vieux Montreal Quebec SQL Injection | 10.01.2020 | KingSkrupellos |
| Med. | Facultad de Ciencias Jurídicas y Sociales Universidad Nacional del Litoral UNL Argentina SQL Injection | 10.01.2020 | KingSkrupellos |
| Med. | La Universidad Nacional Tecnológica de Lima Sur Untels Peru XSS SQL Injection | 10.01.2020 | KingSkrupellos |
| Med. | Mariano Moreno Instituto Superior Córdoba SQL Injection | 10.01.2020 | KingSkrupellos |
| Med. | Centro Universitario de Idiomas Cui Argentina SQL Injection | 10.01.2020 | KingSkrupellos |
| Med. | afyon kocatepe üniversitesi SQL injection | 09.01.2020 | Furkan Özer |
| Low | ÇANAKKALE ONSEKİZ MART ÜNİVERSİTESİ Cross Site Scripting | 08.01.2020 | Furkan Özer |
| Med. | Dairy Farm Shop Management System 1.0 SQL Injection | 07.01.2020 | Chris Inzinga |
| Med. | elaniin CMS 1.0 SQL Injection | 07.01.2020 | riamloo |
| Med. | Complaint Management System 4.0 cid SQL injection | 06.01.2020 | FULLSHADE |
| Med. | cera-intranet-community-theme SQL Injection | 06.01.2020 | Mehmet EMIROGLU |
| Med. | Wave - Powerful Freelance Marketplace System SQL Injection | 06.01.2020 | Mehmet EMIROGLU |
| Med. | Karakuzu ERP Management Web 5.7.0 SQL Injection | 04.01.2020 | Hakan Taskopru |
| Med. | BloodX 1.0 SQL Injection | 04.01.2020 | riamloo |
| Med. | Hospital Management System 4.0 SQL Injection | 02.01.2020 | Metin Yunus Kandemir |
| Med. | Shopping Portal ProVersion 3.0 SQL Injection | 01.01.2020 | Metin Yunus Kandemir |
| Med. | Wave 2.0 SQL Injection | 31.12.2019 | Mehmet Emiroglu |
| Med. | Thrive Smart Home 1.1 SQL Injection | 31.12.2019 | LiquidWorm |
| Med. | elearning-script 1.0 SQL Injection | 31.12.2019 | riamloo |
| Med. | Cera Intranet Community Theme 1.0.1 SQL Injection | 31.12.2019 | Mehmet Emiroglu |
| Med. | seabreezeconsulting sql injection vulnerability | 25.12.2019 | Gama Security Team |
| Med. | 82webmaster sql injection vulnerability | 24.12.2019 | Gama Security Team |
| Med. | DasanSoft XSS SQL Injection | 16.12.2019 | KingSkrupellos |
| Med. | DasanSoftKorea XSS SQL Injection | 16.12.2019 | KingSkrupellos |
| Med. | Grupo Comercial Yazbek XSS SQL Injection | 16.12.2019 | KingSkrupellos |
| Med. | DSehiBox XSS SQL Injection | 13.12.2019 | KingSkrupellos |
| Med. | Nippon-Ring Services Co Ltd Jrva SQL Injection | 11.12.2019 | KingSkrupellos |
| Low | OldWeb Universite Degli Studi Del Molise Italy XSS SQL Injection | 11.12.2019 | KingSkrupellos |
| Med. | Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection | 04.12.2019 | hyp3rlinx |
| Med. | Computrols CBAS-Web 19.0.0 Blind SQL Injection | 13.11.2019 | LiquidWorm |
| Med. | SD.NET RIM 4.7.3c SQL Injection | 06.11.2019 | Fabian Mosch |
| Med. | thejshen Globitek CMS 1.4 SQL Injection | 06.11.2019 | Cakes |
| Med. | html5_snmp 1.11 SQL Injection | 06.11.2019 | Cakes |
| Med. | TheJshen contentManagementSystem 1.04 SQL Injection | 03.11.2019 | Cakes |
| Med. | WordPress Google Review Slider 6.1 SQL Injection | 01.11.2019 | Princy Edward |
| Med. | waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection | 29.10.2019 | Cakes |
| Med. | delpino73 Blue-Smiley-Organizer 1.32 SQL Injection | 29.10.2019 | Cakes |
| Med. | AUO SunVeillance Monitoring System 1.1.9e SQL Injection | 26.10.2019 | Luca.Chiou |
| Med. | WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF | 19.10.2019 | Aaron Bishop |
| Med. | FFTC Agricultural Policy Articles SQLi | 16.10.2019 | Ali Abdollahi |
| Med. | Garuda Media SQL injection | 15.10.2019 | 5TUP1D-BOY |
| Med. | BelajarBro SQL injection | 15.10.2019 | 5TUP1D-BOY |
| Med. | UniSystems mfmcsmcategory Com_Statistic Greece SQL Injection | 15.10.2019 | KingSkrupellos |
| Med. | Reklamos Paslaugos InterLogo.lt SQL Injection | 15.10.2019 | KingSkrupellos |
| Med. | SNAPY SQL INJECTION | 13.10.2019 | 5TUP1D-BOY |
| Med. | Joomla 1.5.15 Cactus 1.2.0 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla Vemod News Mailer 1.0 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla MisterEstate 1.5.26 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla 1.5.26 Google Maps 1.0.4 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla MediaLibrary 1.5.26 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla 1.5.26 Mad4Joomla 1.1.x SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla SwPhotoGallery 1.5.26 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Joomla Sumoku 3.9.8 SQL Injection | 12.10.2019 | KingSkrupellos |
| Med. | Project By BehaveAdv.it SQL Injection | 11.10.2019 | KingSkrupellos |
| Med. | Credits DWD Web Agency XSS SQL Injection | 11.10.2019 | KingSkrupellos |
| Med. | Moduliti Creation De Site İnternet Professionnel XSS SQL Injection | 11.10.2019 | KingSkrupellos |
| Med. | Mauro Boldrini Editore SportWebSRL SQL Injection | 11.10.2019 | KingSkrupellos |
| Med. | Original WebDesign By B2H WebMastering Marco R. Capelli SQL Injection | 11.10.2019 | KingSkrupellos |
| Med. | Servizi Multimediali SQL Injection | 11.10.2019 | KingSkrupellos |


Common Weakness Enumeration (CWE)

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2020-02-27 | Medium | CVE-2019-4669 | Vendor: IBM; Software: Business pro... | IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254. |
| 2020-02-26 | Medium | CVE-2019-19986 | Vendor: Seling; Software: Visual acces... | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that it relies on error messages thrown by the database server to obtain information about the structure of the database). |
| | Medium | CVE-2019-4597 | Vendor: IBM; Software: Sterling b2b... | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880. |
| | Medium | CVE-2019-4598 | Vendor: IBM; Software: Sterling b2b... | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881. |
| 2020-02-24 | Low | CVE-2020-1937 | Vendor: Apache; Software: Kylin | Kylin has some RESTful APIs which will concatenate SQLs with the user input string, so a user is likely to be able to run malicious database queries. |
| 2020-02-22 | Medium | CVE-2020-9340 | Vendor: Fauzantrif election project; Software: Fauzantrif e... | fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. |
| 2020-02-20 | Medium | CVE-2013-2018 | Vendor: Berkeley; Software: Boinc | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| | Medium | CVE-2019-4752 | Vendor: IBM; Software: Emptoris spe... | IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348. |
| | Medium | CVE-2020-9318 | Vendor: Red-gate; Software: Sql monitor | Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15. |
| 2020-02-19 | Medium | CVE-2014-9612 | Vendor: Netsweeper; Software: Netsweeper | SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. |

 


Copyright 2020, cxsecurity.com

 
