| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. |
| Intesync Solismed 3.3sp has SQL Injection. |
| The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. |
| The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. |
| connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. |
| Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. |
| Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. |
| BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. |
| HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. |
| idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. |
| OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. |
| The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. |
| The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. |
| The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. |
| Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. |
| GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm |
