1916 matches found
CVE-2019-25692
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...
CVE-2019-25674
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...
CVE-2019-25669
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...
CVE-2019-25663
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...
CVE-2019-25704
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filterusermail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...
CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...
CVE-2019-25702
Kados R10 GreenBee is affected by an SQL injection via the id_project parameter. The vulnerability allows attackers to manipulate database queries to exfiltrate data or modify data. Known CVE records provide CVSS v3.1 (8.2, HIGH) and CVSS v4.0 (8.8, HIGH) impact metrics, with NETWORK attack vecto...
CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...
CVE-2019-25698
Kados R10 GreenBee contains an SQL injection in the id_to_delete parameter. The vulnerability allows attackers to alter or exfiltrate data via crafted requests that inject SQL statements into the id_to_delete field. Affected component/entry is the GreenBee system, with the root cause being improp...
CVE-2019-25698
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idtodelete parameter. Attackers can send crafted requests with malicious SQL statements in the idtodelete field to extract or modify sensitive database...
CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...
CVE-2019-25696
Kados R10 GreenBee contains an SQL injection vulnerability exploitable via the language_tag parameter. The root cause is unsafe SQL construction that allows attackers to inject SQL statements into queries, enabling extraction of sensitive database information and potential data modification. Affe...
CVE-2019-25694
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...
CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...
CVE-2019-25692 Kados R10 GreenBee SQL Injection via id_to_modify Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...
CVE-2019-25690 Kados R10 GreenBee SQL Injection via mng_profile_id
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...
CVE-2019-25690
Kados R10 GreenBee is affected by an SQL injection vulnerability exposed via the mng_profile_id parameter. The issue allows an attacker to manipulate database queries and potentially extract sensitive data. Root cause is an injection flaw in the handling of mng_profile_id (network-accessible, low...
CVE-2019-25690 Kados R10 GreenBee SQL Injection via mng_profile_id
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...
CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...
CVE-2019-25680
CVE-2019-25680 corresponds to an SQL injection in Advance Gift Shop Pro Script 2.0.3. The vulnerability is triggered via the search parameter (the 's' field) and allows unauthenticated attackers to submit crafted payloads to extract sensitive data from the database (e.g., version details and othe...