Lucene search
K

291 matches found

WPVulnDB
WPVulnDB
added 2019/09/08 12:0 a.m.14 views

Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlistingaddlisting=21 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use 'ENQUIRY FORM' on the right sidebar. Or you...

Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/26 2:36 p.m.11 views

CVE-2019-15566

The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java...

9.8AI score0.01609EPSS
Exploits0References2
NVD
NVD
added 2019/08/21 8:15 p.m.23 views

CVE-2019-10687

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id= request...

9.8CVSS10AI score0.02877EPSS
Exploits3References2
NVD
NVD
added 2019/08/12 5:15 p.m.18 views

CVE-2019-13462

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection...

9.1CVSS9.8AI score0.1131EPSS
Exploits1References2
NVD
NVD
added 2019/07/11 1:15 p.m.38 views

CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection...

9.8CVSS9.7AI score0.0268EPSS
Exploits0References13
Cvelist
Cvelist
added 2019/07/11 12:50 p.m.27 views

CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection...

9.7AI score0.0268EPSS
Exploits0References13
Cvelist
Cvelist
added 2019/07/10 9:18 p.m.18 views

CVE-2019-13489

Trape through 2019-05-08 has SQL injection via the data2 variable in core/db.py, as demonstrated by the /bs t parameter...

9.9AI score0.01432EPSS
Exploits0References1
NVD
NVD
added 2019/06/28 4:15 p.m.18 views

CVE-2019-9846

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection...

8.8CVSS8.8AI score0.01675EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2019/06/07 8:41 p.m.12 views

CVE-2019-9086

HotelDruid before v2.3.1 has SQL Injection via the /visualizzatabelle.php anno parameter...

9.8CVSS10AI score0.0164EPSS
Exploits1
Cvelist
Cvelist
added 2019/06/05 4:25 a.m.37 views

CVE-2019-11768

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...

9.6AI score0.04196EPSS
Exploits0References6
NVD
NVD
added 2019/05/22 4:29 p.m.43 views

CVE-2019-11880

CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...

7.5CVSS7.9AI score0.02031EPSS
Exploits4References2
Exploit DB
Exploit DB
added 2019/05/06 12:0 a.m.92 views

PHPads 2.0 - &#039;click.php3?bannerID&#039; SQL Injection

Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...

7.4AI score
Exploits0
NVD
NVD
added 2019/03/04 6:29 p.m.11 views

CVE-2019-9566

FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request...

9.8CVSS9.9AI score0.01505EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/02/16 10:0 p.m.16 views

CVE-2019-8360

Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data2.php cate parameter...

10AI score0.01973EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/26 7:0 a.m.16 views

CVE-2018-19559

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the referenceid parameter...

10AI score0.0104EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.16 views

WordPress 4.8.x < 4.8.2 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A flaw in $wpdb-prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting XSS vulnerabilities...

9.8CVSS7.6AI score0.13385EPSS
Exploits2References11
Cvelist
Cvelist
added 2018/10/24 9:0 p.m.19 views

CVE-2018-18476

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...

10AI score0.01789EPSS
Exploits1References2
NVD
NVD
added 2018/09/28 9:29 a.m.14 views

CVE-2018-17575

SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter...

9.8CVSS10AI score0.01135EPSS
Exploits1References1
NVD
NVD
added 2018/09/03 7:29 p.m.15 views

CVE-2018-16410

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php...

6.5CVSS7AI score0.0094EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/09/03 2:0 a.m.25 views

CVE-2018-16385

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

10AI score0.02113EPSS
Exploits1References1
Rows per page
Query Builder