CVE-2019-18662

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

CVE-2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...

CVE-2019-2196

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...

CVE-2019-11975

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-11984

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-11977

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-11362

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI...

CVE-2019-11614

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information...

CVE-2019-11970

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-11619

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user or a user with permission to manage configuration analytics could exploit the vulnerability to obtain database sensitive...

CVE-2019-11880

CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...

CVE-2019-11448

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a PopupSLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file...

CVE-2019-11978

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-11363

A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter...

CVE-2019-11974

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-11518

An issue was discovered in SEMCMS 3.8. SEMCMSInquiry.php allows AID SQL Injection because the class.phpmailer.php injectchecksql protection mechanism is incomplete...

CVE-2019-11976

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the newsedit.php newsid parameter is vulnerable to SQL Injection...

CVE-2020-7981

sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when withinboundingbox is used in conjunction with untrusted swlat, swlng, nelat, or nelng data...

CVE-2020-12104

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation...