2022

CVE-2022-2269 8 Aug 2022
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection
CVE-2022-2460 8 Aug 2022
The WPDating WordPress plugin through 7.1.9 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities.
CVE-2022-2708 8 Aug 2022
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input [email protected]' OR (SELECT 9084 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW leads to sql injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-205833 was assigned to this vulnerability.
CVE-2022-2707 8 Aug 2022
A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.
CVE-2022-2706 8 Aug 2022
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.
CVE-2022-2705 8 Aug 2022
A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument id with the input -5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20- leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205829 was assigned to this vulnerability.
CVE-2022-2703 8 Aug 2022
A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827.
CVE-2022-2700 8 Aug 2022
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205821 was assigned to this vulnerability.
CVE-2022-2699 8 Aug 2022
A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205820.
CVE-2022-2697 8 Aug 2022
A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205818 is the identifier assigned to this vulnerability.
CVE-2022-2693 6 Aug 2022
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816.
CVE-2022-2688 6 Aug 2022
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.
CVE-2022-2687 6 Aug 2022
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability.
CVE-2022-2680 5 Aug 2022
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668.
CVE-2022-2679 5 Aug 2022
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667.
CVE-2022-2676 5 Aug 2022
A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664.
CVE-2022-2674 5 Aug 2022
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability.
CVE-2022-2673 5 Aug 2022
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.
CVE-2022-2672 5 Aug 2022
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.
CVE-2022-2671 5 Aug 2022
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655.
CVE-2022-2667 5 Aug 2022
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.
CVE-2022-2665 5 Aug 2022
A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615.
CVE-2022-2656 4 Aug 2022
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596.
CVE-2022-2648 4 Aug 2022
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595.
CVE-2022-2644 4 Aug 2022
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.
CVE-2022-2643 4 Aug 2022
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564.
CVE-2022-31197 3 Aug 2022
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-35864 3 Aug 2022
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
CVE-2022-34872 3 Aug 2022
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.
CVE-2022-34871 3 Aug 2022
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.
CVE-2022-2272 3 Aug 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331.
CVE-2022-31181 1 Aug 2022
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.
CVE-2022-1950 1 Aug 2022
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
CVE-2022-2577 29 Jul 2022
A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-27613 28 Jul 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2022-33965 25 Jul 2022
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
CVE-2022-33960 22 Jul 2022
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
CVE-2022-30998 22 Jul 2022
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.
CVE-2022-2142 22 Jul 2022
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
CVE-2022-2137 22 Jul 2022
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information
CVE-2022-2136 22 Jul 2022
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-2135 22 Jul 2022
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
CVE-2022-32246 12 Jul 2022
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
CVE-2022-1057 11 Jul 2022
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
CVE-2022-31058 29 Jun 2022
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue.
CVE-2022-31061 28 Jun 2022
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-31101 28 Jun 2022
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31092 27 Jun 2022
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue.
CVE-2022-1905 20 Jun 2022
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2022-1472 20 Jun 2022
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection

2021

CVE-2021-24957 25 Apr 2022
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection
CVE-2021-25070 28 Mar 2022
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue
CVE-2021-25068 28 Mar 2022
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard
CVE-2021-25064 28 Mar 2022
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.
CVE-2021-25007 14 Mar 2022
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection
CVE-2021-24959 14 Mar 2022
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
CVE-2021-24952 7 Mar 2022
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.
CVE-2021-24778 7 Mar 2022
The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
CVE-2021-24864 28 Feb 2022
The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue
CVE-2021-25069 21 Feb 2022
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
CVE-2021-25114 7 Feb 2022
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
CVE-2021-24928 7 Feb 2022
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post.
CVE-2021-43927 7 Feb 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43926 7 Feb 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43925 7 Feb 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-4088 24 Jan 2022
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
CVE-2021-25076 24 Jan 2022
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
CVE-2021-25045 24 Jan 2022
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue
CVE-2021-24865 24 Jan 2022
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue
CVE-2021-24858 24 Jan 2022
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
CVE-2021-25037 17 Jan 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
CVE-2021-25054 10 Jan 2022
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.
CVE-2021-24949 10 Jan 2022
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection
CVE-2021-24862 10 Jan 2022
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CVE-2021-44161 (v3: 8.8) 29 Dec 2021
Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.
CVE-2021-43851 (v3: 8.1) 22 Dec 2021
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file.
CVE-2021-24849 21 Dec 2021
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
CVE-2021-24846 21 Dec 2021
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber
CVE-2021-24750 21 Dec 2021
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
CVE-2021-41262 (v3: 8.8) 16 Dec 2021
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.
CVE-2021-43806 (v3: 8.8) 15 Dec 2021
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.
CVE-2021-42945 (v3: 9.8) 15 Dec 2021
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
CVE-2021-43830 (v3: 7.4) 14 Dec 2021
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you're upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch
CVE-2021-43822 (v3: 8.5) 13 Dec 2021
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `"` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that a accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected.
CVE-2021-24951 13 Dec 2021
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues
CVE-2021-24861 13 Dec 2021
The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection
CVE-2021-24848 13 Dec 2021
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection
CVE-2021-24747 13 Dec 2021
The SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.
CVE-2021-3817 9 Dec 2021
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2021-43789 (v3: 7.5) 7 Dec 2021
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
CVE-2021-29114 (v3: 9.8) 7 Dec 2021
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
CVE-2021-24943 6 Dec 2021
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
CVE-2021-24931 6 Dec 2021
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
CVE-2021-24866 6 Dec 2021
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion
CVE-2021-43035 (v3: 9.8) 6 Dec 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.
CVE-2021-41679 (v3: 9.8) 30 Nov 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
CVE-2021-41678 (v3: 9.8) 30 Nov 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
CVE-2021-41677 (v3: 9.8) 30 Nov 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
CVE-2021-24889 (v3: 7.2) 29 Nov 2021
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks
CVE-2021-24860 (v3: 7.2) 29 Nov 2021
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue

2020

CVE-2020-35012 1 Dec 2021
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
CVE-2020-21133 (v3: 9.8) 12 Jul 2021
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
CVE-2020-21132 (v3: 9.8) 12 Jul 2021
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
CVE-2020-21131 (v3: 7.2) 12 Jul 2021
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
CVE-2020-15153 30 Apr 2021
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
CVE-2020-35337 (v3: 9.8) 24 Mar 2021
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
CVE-2020-35329 (v3: 6.5) 4 Mar 2021
Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.
CVE-2020-36002 (v3: 7.5) 17 Feb 2021
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.
CVE-2020-36003 (v3: 7.5) 17 Feb 2021
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
CVE-2020-18713 (v3: 9.8) 5 Feb 2021
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
CVE-2020-18714 (v3: 9.8) 5 Feb 2021
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVE-2020-18716 (v3: 9.8) 5 Feb 2021
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVE-2020-35666 (v3: 8.8) 23 Dec 2020
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
CVE-2020-13968 (v3: 9.8) 23 Dec 2020
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.
CVE-2020-28070 (v3: 9.8) 23 Dec 2020
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.
CVE-2020-28073 (v3: 9.8) 23 Dec 2020
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.
CVE-2020-28074 (v3: 9.8) 23 Dec 2020
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.
CVE-2020-25608 (v3: 7.2) 18 Dec 2020
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
CVE-2020-35378 (v3: 9.8) 14 Dec 2020
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
CVE-2020-35382 (v3: 7.2) 14 Dec 2020
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
CVE-2020-24400 9 Nov 2020
Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.
CVE-2020-23945 (v3: 7.5) 27 Oct 2020
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.
CVE-2020-15792 15 Oct 2020
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.
CVE-2020-15226 7 Oct 2020
In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.
CVE-2020-15176 7 Oct 2020
In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2
CVE-2020-15160 25 Sep 2020
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8
CVE-2020-17463 (v3: 9.8) 13 Aug 2020
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
CVE-2020-15616 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9706.
CVE-2020-15617 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9708.
CVE-2020-15618 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9717.
CVE-2020-15619 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9723.
CVE-2020-15620 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9741.
CVE-2020-15621 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the email parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9711.
CVE-2020-15622 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9712.
CVE-2020-15624 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9727.
CVE-2020-15625 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9729.
CVE-2020-15626 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9730.
CVE-2020-15627 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9738.
CVE-2020-15628 28 Jul 2020
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9710.
CVE-2020-15713 (v3: 8.8) 28 Jul 2020
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2020-15714 (v3: 8.8) 28 Jul 2020
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2020-10546 (v3: 9.8) 4 Jun 2020
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547 (v3: 9.8) 4 Jun 2020
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10548 (v3: 9.8) 4 Jun 2020
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549 (v3: 9.8) 4 Jun 2020
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-3339 (v3: 5.4) 3 Jun 2020
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
CVE-2020-4035 3 Jun 2020
In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable. This may happen in apps that don't validate IDs (valid IDs are `/^[a-zA-Z0-9_-.]+$/`) and use Watermelon Sync or low-level `database.adapter.destroyDeletedRecords` method. The integrity risk is low due to the fact that maliciously deleted records won't synchronize, so logout-login will restore all data, although some local changes may be lost if the malicious deletion causes the sync process to fail to proceed to push stage. No way to breach confidentiality with this vulnerability is known. Full exploitation of SQL Injection is mitigated, because it's not possible to nest an insert/update query inside a delete query in SQLite, and it's not possible to pass a semicolon-separated second query. There's also no known practicable way to breach confidentiality by selectively deleting records, because those records will not be synchronized. It's theoretically possible that selective record deletion could cause an app to behave insecurely if lack of a record is used to make security decisions by the app. This is patched in versions 0.15.1, 0.16.2, and 0.16.1-fix
CVE-2020-8967 (v3: 9.8) 1 Jun 2020
There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.
CVE-2020-6241 (v3: 8.8) 12 May 2020
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
CVE-2020-12766 (v3: 9.8) 9 May 2020
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.

2019

CVE-2019-19286 14 Dec 2020
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages.
CVE-2019-4680 (v3: 8.8) 20 Oct 2020
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733.
CVE-2019-20842 (v3: 7.2) 19 Jun 2020
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.
CVE-2019-18866 (v3: 7.5) 7 May 2020
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.
CVE-2019-20730 (v3: 9.8) 16 Apr 2020
Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DC112A before 1.0.0.40, EX8000 before 1.0.0.118, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, R6220 before 1.1.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900v2 before 1.2.0.16, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500 before 1.0.0.118, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.6, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.
CVE-2019-19094 (v3: 7.6) 2 Apr 2020
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
CVE-2019-7755 (v3: 8.8) 30 Mar 2020
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
CVE-2019-20576 (v3: 9.8) 24 Mar 2020
An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019).
CVE-2019-20591 (v3: 7.8) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019).
CVE-2019-20592 (v3: 7.8) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019).
CVE-2019-20613 (v3: 8.1) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019).
CVE-2019-20573 (v3: 7.8) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019).
CVE-2019-20574 (v3: 7.8) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019).
CVE-2019-19026 (v3: 4.9) 20 Mar 2020
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19029 (v3: 7.2) 20 Mar 2020
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-16065 (v3: 8.8) 19 Mar 2020
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
CVE-2019-16012 (v3: 8.1) 19 Mar 2020
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.
CVE-2019-19212 (v3: 9.8) 16 Mar 2020
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
CVE-2019-19209 (v3: 7.5) 16 Mar 2020
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
CVE-2019-19292 (v3: 8.8) 10 Mar 2020
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.
CVE-2019-17647 (v3: 9.8) 5 Mar 2020
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter.
CVE-2019-20107 (v3: 8.8) 5 Mar 2020
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
CVE-2019-19607 (v3: 9.8) 2 Mar 2020
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2019-19608 (v3: 9.8) 2 Mar 2020
A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2019-4669 (v3: 6.3) 27 Feb 2020
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.
CVE-2019-4597 (v3: 6.3) 26 Feb 2020
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.
CVE-2019-4598 (v3: 6.3) 26 Feb 2020
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.
CVE-2019-19986 (v3: 7.5) 26 Feb 2020
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database).
CVE-2019-4752 (v3: 8.8) 20 Feb 2020
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.
CVE-2019-20059 (v3: 8.8) 10 Feb 2020
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732.
CVE-2019-20447 (v3: 9.8) 5 Feb 2020
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.
CVE-2019-15622 (v3: 2.4) 4 Feb 2020
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
CVE-2019-12619 (v3: 6.5) 26 Jan 2020
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
CVE-2019-17357 (v3: 6.5) 21 Jan 2020
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.
CVE-2019-20179 (v3: 8.8) 9 Jan 2020
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
CVE-2019-4651 (v3: 9.8) 9 Jan 2020
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.
CVE-2019-20361 (v3: 9.8) 8 Jan 2020
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVE-2019-15984 (v3: 7.2) 6 Jan 2020
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVE-2019-15985 (v3: 7.2) 6 Jan 2020
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVE-2019-20337 (v3: 7.2) 5 Jan 2020
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
CVE-2019-7478 (v3: 9.8) 31 Dec 2019
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
CVE-2019-19732 (v3: 7.2) 30 Dec 2019
translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
CVE-2019-19734 (v3: 8.8) 30 Dec 2019
_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
CVE-2019-6012 (v3: 7.2) 26 Dec 2019
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-18234 (v3: 9.8) 23 Dec 2019
Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code.
CVE-2019-17527 (v3: 9.8) 19 Dec 2019
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.
CVE-2019-7484 (v3: 6.5) 19 Dec 2019
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
CVE-2019-8600 (v3: 9.8) 18 Dec 2019
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
CVE-2019-19846 (v3: 9.8) 18 Dec 2019
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVE-2019-19850 (v3: 7.2) 17 Dec 2019
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.

2018

CVE-2018-14502 (v3: 9.8) 10 Mar 2020
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
CVE-2018-16356 (v3: 9.8) 2 Mar 2020
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
CVE-2018-16357 (v3: 9.8) 2 Mar 2020
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
CVE-2018-7282 (v3: 9.8) 6 Dec 2019
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.
CVE-2018-21021 (v3: 8.8) 8 Oct 2019
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
CVE-2018-21022 (v3: 8.8) 8 Oct 2019
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
CVE-2018-21003 (v3: 9.8) 27 Aug 2019
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
CVE-2018-21004 (v3: 9.8) 27 Aug 2019
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
CVE-2018-20887 (v3: 9.8) 1 Aug 2019
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
CVE-2018-11772 (v3: 7.2) 29 Jul 2019
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.
CVE-2018-11774 (v3: 7.2) 29 Jul 2019
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.
CVE-2018-13442 (v3: 8.8) 16 Jul 2019
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
CVE-2018-12250 (v3: 7.2) 3 Jul 2019
An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.
CVE-2018-15868 (v3: 9.8) 21 Jun 2019
SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.
CVE-2018-16116 (v3: 8.8) 20 Jun 2019
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
CVE-2018-15892 (v3: 4.3) 20 Jun 2019
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
CVE-2018-16251 (v3: 4.3) 20 Jun 2019
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters.
CVE-2018-17374 (v3: 9.8) 19 Jun 2019
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVE-2018-17381 (v3: 9.8) 19 Jun 2019
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVE-2018-17386 (v3: 9.8) 19 Jun 2019
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
CVE-2018-17388 (v3: 9.8) 19 Jun 2019
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
CVE-2018-17393 (v3: 9.8) 19 Jun 2019
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
CVE-2018-17398 (v3: 9.8) 19 Jun 2019
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
CVE-2018-17399 (v3: 9.8) 19 Jun 2019
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
CVE-2018-17840 (v3: 9.8) 19 Jun 2019
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
CVE-2018-17841 (v3: 9.8) 19 Jun 2019
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
CVE-2018-17842 (v3: 9.8) 19 Jun 2019
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
CVE-2018-18757 (v3: 9.8) 19 Jun 2019
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
CVE-2018-18758 (v3: 9.8) 19 Jun 2019
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
CVE-2018-20469 (v3: 9.8) 17 Jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
CVE-2018-11800 (v3: 9.8) 11 Jun 2019
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
CVE-2018-11801 (v3: 9.8) 11 Jun 2019
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
CVE-2018-20091 (v3: 9.9) 7 Jun 2019
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
CVE-2018-5404 (v3: 6.5) 3 Jun 2019
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
CVE-2018-17843 (v3: 9.8) 24 May 2019
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
CVE-2018-7841 (v3: 9.8) 22 May 2019
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
CVE-2018-17179 (v3: 9.8) 17 May 2019
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
CVE-2018-17181 (v3: 9.8) 17 May 2019
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
CVE-2018-17048 (v3: 7.5) 16 May 2019
admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection.
CVE-2018-18800 (v3: 9.8) 14 May 2019
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
CVE-2018-16137 (v3: 8.8) 13 May 2019
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections.
CVE-2018-12295 (v3: 9.8) 13 May 2019
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
CVE-2018-14874 (v3: 8.8) 30 Apr 2019
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.
CVE-2018-18285 (v3: 9.8) 25 Apr 2019
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2018-18286 (v3: 9.8) 25 Apr 2019
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
CVE-2018-18251 (v3: 9.8) 24 Apr 2019
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authenticated session is first required. In some cases client calls are obfuscated by encryption, which can be bypassed due to hard-coded keys and an insecure key rotation protocol. Impacts may include remote code execution in some deployments; however, the vendor states that this cannot occur when the installation documentation is heeded.
CVE-2018-18018 (v3: 9.8) 15 Apr 2019
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
CVE-2018-1994 (v3: 9.8) 10 Apr 2019
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
CVE-2018-20505 (v3: 7.5) 3 Apr 2019
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
CVE-2018-20678 (v3: 8.8) 28 Mar 2019
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.

2017

CVE-2017-20143 22 Jul 2022
A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20142 22 Jul 2022
A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20141 22 Jul 2022
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20139 22 Jul 2022
A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-14807 (v3: 8.1) 27 Jan 2020
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions.
CVE-2017-18614 (v3: 8.1) 13 Sep 2019
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
CVE-2017-18602 (v3: 8.8) 10 Sep 2019
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
CVE-2017-18597 (v3: 8.8) 10 Sep 2019
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
CVE-2017-18570 (v3: 9.8) 22 Aug 2019
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
CVE-2017-18571 (v3: 9.8) 22 Aug 2019
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.
CVE-2017-18573 (v3: 9.8) 22 Aug 2019
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
CVE-2017-18548 (v3: 9.8) 16 Aug 2019
The note-press plugin before 0.1.2 for WordPress has SQL injection.
CVE-2017-18514 (v3: 9.8) 14 Aug 2019
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
CVE-2017-18515 (v3: 9.8) 14 Aug 2019
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
CVE-2017-18406 (v3: 7.5) 2 Aug 2019
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).
CVE-2017-18346 (v3: 9.8) 3 Jul 2019
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
CVE-2017-14851 (v3: 9.8) 3 Jun 2019
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.
CVE-2017-11559 (v3: 7.5) 23 May 2019
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
CVE-2017-11738 (v3: 8.1) 23 May 2019
In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
CVE-2017-12757 (v3: 9.8) 9 May 2019
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
CVE-2017-12758 (v3: 9.8) 9 May 2019
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
CVE-2017-12759 (v3: 9.8) 9 May 2019
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
CVE-2017-12760 (v3: 8.8) 9 May 2019
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
CVE-2017-12761 (v3: 7.5) 9 May 2019
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
CVE-2017-16558 (v3: 9.8) 25 Apr 2019
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
CVE-2017-18362 (v3: 9.8) 5 Feb 2019
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
CVE-2017-10936 (v3: 7.5) 25 Jul 2018
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
CVE-2017-10937 (v3: 7.5) 25 Jul 2018
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
CVE-2017-3181 (v3: 9.8) 24 Jul 2018
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client
CVE-2017-11088 (v3: 9.8) 6 Jul 2018
Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.
CVE-2017-18287 (v3: 9.8) 12 Jun 2018
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.
CVE-2017-18288 (v3: 9.8) 12 Jun 2018
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.
CVE-2017-18289 (v3: 9.8) 12 Jun 2018
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.
CVE-2017-18290 (v3: 9.8) 12 Jun 2018
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.
CVE-2017-18291 (v3: 9.8) 12 Jun 2018
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.
CVE-2017-1722 (v3: 6.3) 26 Apr 2018
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.
CVE-2017-17902 (v3: 9.8) 22 Apr 2018
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.
CVE-2017-9839 (v3: 8.8) 11 Apr 2018
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVE-2017-18260 (v3: 8.8) 11 Apr 2018
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVE-2017-11509 (v3: 8.8) 28 Mar 2018
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
CVE-2017-0914 (v3: 7.5) 21 Mar 2018
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
CVE-2017-15367 (v3: 9.8) 7 Mar 2018
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
CVE-2017-9426 (v3: 9.8) 26 Feb 2018
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
CVE-2017-18194 (v3: 9.8) 22 Feb 2018
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.
CVE-2017-5810 (v3: 9.8) 15 Feb 2018
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
CVE-2017-5812 (v3: 7.5) 15 Feb 2018
A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
CVE-2017-5814 (v3: 9.8) 15 Feb 2018
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
CVE-2017-15329 (v3: 8.8) 15 Feb 2018
Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries.
CVE-2017-17652 (v3: 9.8) 8 Feb 2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4238.
CVE-2017-17653 (v3: 9.8) 8 Feb 2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286.

2016

CVE-2016-11023 (v3: 9.8) 30 Mar 2020
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
CVE-2016-11024 (v3: 9.8) 30 Mar 2020
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
CVE-2016-11018 (v3: 9.8) 21 Jan 2020
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().
CVE-2016-11000 (v3: 9.8) 20 Sep 2019
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
CVE-2016-10947 (v3: 7.2) 13 Sep 2019
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
CVE-2016-10949 (v3: 8.8) 13 Sep 2019
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
CVE-2016-10950 (v3: 8.8) 13 Sep 2019
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
CVE-2016-10951 (v3: 7.2) 13 Sep 2019
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
CVE-2016-10939 (v3: 7.2) 13 Sep 2019
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.
CVE-2016-10940 (v3: 7.2) 13 Sep 2019
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
CVE-2016-10942 (v3: 9.8) 13 Sep 2019
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
CVE-2016-10943 (v3: 7.2) 13 Sep 2019
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
CVE-2016-10916 (v3: 9.8) 22 Aug 2019
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
CVE-2016-10917 (v3: 9.8) 22 Aug 2019
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
CVE-2016-10921 (v3: 9.8) 22 Aug 2019
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
CVE-2016-10909 (v3: 9.8) 21 Aug 2019
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
CVE-2016-10904 (v3: 9.8) 16 Aug 2019
The olimometer plugin before 2.57 for WordPress has SQL injection.
CVE-2016-10887 (v3: 9.8) 14 Aug 2019
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
CVE-2016-10888 (v3: 9.8) 14 Aug 2019
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
CVE-2016-10889 (v3: 9.8) 14 Aug 2019
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
CVE-2016-10817 (v3: 9.8) 1 Aug 2019
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
CVE-2016-10839 (v3: 8.1) 1 Aug 2019
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
CVE-2016-10754 (v3: 8.8) 24 May 2019
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
CVE-2016-10755 (v3: 8.8) 24 May 2019
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
CVE-2016-8898 (v3: 9.8) 24 May 2019
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
CVE-2016-8897 (v3: 9.8) 23 May 2019
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
CVE-2016-1000271 (v3: 9.8) 4 Feb 2019
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
CVE-2016-10731 (v3: 9.8) 29 Oct 2018
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
CVE-2016-9048 (v3: 7.4) 10 Sep 2018
Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system.
CVE-2016-8640 (v3: 9.1) 1 Aug 2018
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.
CVE-2016-6566 (v3: 9.8) 13 Jul 2018
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
CVE-2016-9488 (v3: 9.8) 5 Jun 2018
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
CVE-2016-10550 (v3: 9.8) 31 May 2018
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.
CVE-2016-10553 (v3: 9.8) 31 May 2018
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.
CVE-2016-10554 (v3: 9.8) 31 May 2018
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.
CVE-2016-10551 (v3: 9.8) 29 May 2018
waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.
CVE-2016-10556 (v3: 7.5) 29 May 2018
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.
CVE-2016-10007 (v3: 7.2) 19 Feb 2018
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
CVE-2016-10008 (v3: 7.2) 19 Feb 2018
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
CVE-2016-10509 (v3: 7.2) 31 Aug 2017
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
CVE-2016-7508 (v3: 7.5) 21 Jun 2017
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
CVE-2016-7803 (v3: 8.8) 9 Jun 2017
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
CVE-2016-2034 (v3: 9.8) 8 Jun 2017
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
CVE-2016-10378 (v3: 7.2) 29 May 2017
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
CVE-2016-10379 (v3: 7.2) 29 May 2017
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
CVE-2016-4905 (v3: 9.8) 22 May 2017
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-1218 (v3: 8.8) 20 Apr 2017
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVE-2016-6818 (v3: 9.8) 13 Apr 2017
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.
CVE-2016-2566 (v3: 9.8) 13 Apr 2017
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
CVE-2016-1914 (v3: 8.8) 13 Apr 2017
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.

2015

CVE-2015-7338 (v3: 7.2) 9 Mar 2020
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
CVE-2015-7340 (v3: 7.2) 9 Mar 2020
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
CVE-2015-7342 (v3: 7.2) 9 Mar 2020
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
CVE-2015-7567 (v3: 9.8) 18 Feb 2020
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
CVE-2015-5617 (v3: 9.8) 12 Feb 2020
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.
CVE-2015-3423 (v3: 8.8) 8 Feb 2020
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter.
CVE-2015-2062 (v3: 7.2) 8 Feb 2020
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.
CVE-2015-0244 (v3: 9.8) 27 Jan 2020
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
CVE-2015-5591 (v3: 7.2) 31 Dec 2019
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
CVE-2015-3424 (v3: 8.8) 9 Dec 2019
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2015-0270 (v3: 9.8) 25 Oct 2019
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
CVE-2015-9496 (v3: 8.8) 22 Oct 2019
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
CVE-2015-9465 (v3: 8.8) 10 Oct 2019
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
CVE-2015-9466 (v3: 9.8) 10 Oct 2019
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
CVE-2015-9467 (v3: 9.8) 10 Oct 2019
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
CVE-2015-9457 (v3: 7.2) 10 Oct 2019
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
CVE-2015-9458 (v3: 7.2) 10 Oct 2019
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
CVE-2015-9460 (v3: 8.8) 10 Oct 2019
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
CVE-2015-9461 (v3: 7.2) 10 Oct 2019
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
CVE-2015-9462 (v3: 7.2) 10 Oct 2019
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
CVE-2015-9450 (v3: 9.8) 7 Oct 2019
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
CVE-2015-9451 (v3: 9.8) 7 Oct 2019
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
CVE-2015-9452 (v3: 9.8) 7 Oct 2019
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
CVE-2015-9454 (v3: 8.8) 7 Oct 2019
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
CVE-2015-9446 (v3: 8.8) 26 Sep 2019
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
CVE-2015-9448 (v3: 8.8) 26 Sep 2019
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
CVE-2015-9449 (v3: 7.2) 26 Sep 2019
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
CVE-2015-9395 (v3: 8.8) 20 Sep 2019
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
CVE-2015-9398 (v3: 8.8) 20 Sep 2019
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
CVE-2015-9399 (v3: 7.2) 20 Sep 2019
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
CVE-2015-9400 (v3: 8.8) 20 Sep 2019
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
CVE-2015-9353 (v3: 7.2) 28 Aug 2019
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
CVE-2015-9352 (v3: 9.8) 27 Aug 2019
The wp-polls plugin before 2.72 for WordPress has SQL injection.
CVE-2015-9344 (v3: 9.8) 27 Aug 2019
The link-log plugin before 2.1 for WordPress has SQL injection.
CVE-2015-9334 (v3: 9.8) 22 Aug 2019
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
CVE-2015-9333 (v3: 9.8) 22 Aug 2019
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
CVE-2015-9335 (v3: 9.8) 22 Aug 2019
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
CVE-2015-9330 (v3: 9.8) 20 Aug 2019
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
CVE-2015-9323 (v3: 9.8) 16 Aug 2019
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVE-2015-9324 (v3: 9.8) 16 Aug 2019
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
CVE-2015-9325 (v3: 9.8) 16 Aug 2019
The visitors-online plugin before 0.4 for WordPress has SQL injection.
CVE-2015-9326 (v3: 9.8) 16 Aug 2019
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
CVE-2015-9310 (v3: 9.8) 14 Aug 2019
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
CVE-2015-9313 (v3: 9.8) 14 Aug 2019
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
CVE-2015-9315 (v3: 9.8) 14 Aug 2019
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
CVE-2015-9316 (v3: 9.8) 14 Aug 2019
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
CVE-2015-9301 (v3: 9.8) 13 Aug 2019
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
CVE-2015-4615 (v3: 9.8) 15 Feb 2019
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
CVE-2015-4633 (v3: 9.8) 18 Oct 2018
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.
CVE-2015-8298 (v3: 9.8) 24 Sep 2018
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.

2014

CVE-2014-8941 (v3: 9.8) 1 Jun 2020
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
CVE-2014-1634 (v3: 9.8) 9 Mar 2020
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
CVE-2014-9612 (v3: 9.8) 19 Feb 2020
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
CVE-2014-9613 (v3: 9.8) 19 Feb 2020
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
CVE-2014-8089 (v3: 9.8) 17 Feb 2020
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
CVE-2014-3868 (v3: 8.8) 31 Jan 2020
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
CVE-2014-3119 (v3: 8.8) 31 Jan 2020
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
CVE-2014-3719 (v3: 9.8) 30 Jan 2020
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.
CVE-2014-1924 (v3: 9.8) 24 Jan 2020
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2014-1925 (v3: 9.8) 24 Jan 2020
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.
CVE-2014-4984 (v3: 9.8) 10 Jan 2020
Déjà Vu Crescendo Sales CRM has remote SQL Injection
CVE-2014-8673 (v3: 9.8) 7 Jan 2020
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
CVE-2014-5140 (v3: 8.8) 3 Jan 2020
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.
CVE-2014-7257 (v3: 9.8) 11 Dec 2019
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
CVE-2014-10387 (v3: 9.8) 22 Aug 2019
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
CVE-2014-10379 (v3: 9.8) 21 Aug 2019
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
CVE-2014-10376 (v3: 9.8) 16 Aug 2019
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
CVE-2014-6045 (v3: 7.2) 28 Aug 2018
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
CVE-2014-4959 (v3: 9.8) 27 Mar 2018
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.
CVE-2014-4928 (v3: 8.8) 20 Mar 2018
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.
CVE-2014-2652 (v3: 9.8) 19 Mar 2018
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5071 (v3: 9.8) 8 Jan 2018
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.
CVE-2014-4914 (v3: 9.8) 29 Dec 2017
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2014-2023 (v3: 9.8) 26 Oct 2017
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
CVE-2014-8621 (v3: 9.8) 16 Oct 2017
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
CVE-2014-9558 (v3: 9.8) 28 Aug 2017
Multiple SQL injection vulnerabilities in SmartCMS v.2.
CVE-2014-9229 (v2: 6.5) 20 Sep 2015
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
CVE-2014-9145 (v2: 7.5) 14 Apr 2015
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php.
CVE-2014-9566 (v2: 7.5) 10 Mar 2015
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
CVE-2014-7864 (v2: 7.5) 4 Feb 2015
Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
CVE-2014-9573 (v2: 6) 26 Jan 2015
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
CVE-2014-7289 (v2: 6.5) 21 Jan 2015
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
CVE-2014-7814 (v2: 6.5) 16 Jan 2015
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
CVE-2014-9560 (v2: 7.5) 15 Jan 2015
SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2014-100011 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2014-100012 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
CVE-2014-100019 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-100020 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
CVE-2014-100022 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.
CVE-2014-100031 (v2: 7.5) 13 Jan 2015
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
CVE-2014-100035 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-10032 (v2: 6.5) 13 Jan 2015
SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2014-10033 (v2: 6.5) 13 Jan 2015
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
CVE-2014-10034 (v2: 6.5) 13 Jan 2015
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
CVE-2014-10038 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
CVE-2014-100003 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
CVE-2014-10004 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2014-10013 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
CVE-2014-10015 (v2: 7.5) 13 Jan 2015
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2014-10017 (v2: 7.5) 13 Jan 2015
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.

2013

CVE-2013-2018 (v3: 9.8) 20 Feb 2020
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1400 (v3: 9.8) 13 Feb 2020
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
CVE-2013-1401 (v3: 9.8) 13 Feb 2020
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.
CVE-2013-5945 (v3: 9.8) 11 Feb 2020
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
CVE-2013-3638 (v3: 8.8) 6 Feb 2020
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
CVE-2013-3932 (v3: 8.8) 2 Jan 2020
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.
CVE-2013-5743 (v3: 9.8) 11 Dec 2019
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
CVE-2013-2745 (v3: 9.8) 4 Dec 2019
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
CVE-2013-2091 (v3: 9.8) 20 Nov 2019
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2013-2738 (v3: 9.8) 1 Nov 2019
minidlna has SQL Injection that may allow retrieval of arbitrary files
CVE-2013-3000 (v3: 9.8) 9 Jul 2018
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116.
CVE-2013-7406 (v2: 7.5) 21 Oct 2014
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-6311 (v2: 6.5) 28 Jun 2014
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3081 (v2: 7.5) 9 Jun 2014
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
CVE-2013-4016 (v2: 6.5) 26 May 2014
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
CVE-2013-2226 (v2: 7.5) 14 May 2014
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
CVE-2013-1803 (v2: 7.5) 5 May 2014
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375.
CVE-2013-7375 (v2: 7.5) 5 May 2014
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
CVE-2013-7369 (v2: 7.5) 18 Apr 2014
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.
CVE-2013-7355 (v2: 7.5) 10 Apr 2014
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
CVE-2013-0735 (v2: 7.5) 2 Apr 2014
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
CVE-2013-2945 (v2: 6.5) 2 Apr 2014
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-3213 (v2: 7.5) 2 Apr 2014
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.
CVE-2013-7349 (v2: 7.5) 1 Apr 2014
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
CVE-2013-5640 (v2: 7.5) 1 Apr 2014
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.
CVE-2013-2559 (v2: 6.5) 27 Mar 2014
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-1408 (v2: 6.5) 24 Mar 2014
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-4058 (v2: 6.5) 16 Mar 2014
Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.
CVE-2013-3727 (v2: 7.5) 13 Mar 2014
SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-5117 (v2: 7.5) 12 Mar 2014
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
CVE-2013-3961 (v2: 6.5) 11 Mar 2014
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
CVE-2013-4467 (v2: 6.5) 11 Mar 2014
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2013-1893 (v2: 6.5) 9 Mar 2014
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
CVE-2013-2045 (v2: 6.5) 9 Mar 2014
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-2046 (v2: 6.5) 9 Mar 2014
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3478 (v2: 7.5) 5 Mar 2014
SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php.
CVE-2013-6302 (v2: 6.5) 5 Mar 2014
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331.
CVE-2013-6331 (v2: 6.5) 5 Mar 2014
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302.
CVE-2013-2498 (v2: 7.5) 1 Mar 2014
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
CVE-2013-5015 (v2: 6.5) 14 Feb 2014
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3294 (v2: 7.5) 11 Feb 2014
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
CVE-2013-5012 (v2: 6.5) 11 Feb 2014
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1852 (v2: 7.5) 5 Feb 2014
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
CVE-2013-4887 (v2: 7.5) 29 Jan 2014
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter.
CVE-2013-4662 (v2: 6.5) 29 Jan 2014
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
CVE-2013-6930 (v2: 6.5) 29 Jan 2014
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVE-2013-6931 (v2: 6.5) 29 Jan 2014
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVE-2013-7175 (v2: 6.5) 24 Jan 2014
Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field.
CVE-2013-2594 (v2: 7.5) 21 Jan 2014
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.
CVE-2013-7219 (v2: 7.5) 21 Jan 2014
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.