82389 matches found
CVE-2026-20001
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20002
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...
CVE-2026-20003
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...
CVE-2019-25499
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25499
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...
CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2026-20003
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20003
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20003
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20003
Cisco Secure FMC Software’s REST API vulnerability enables authenticated remote SQL injection due to insufficient input validation. An attacker with valid credentials (Administrator, Security approver, Intrusion admin, Access admin, Network admin) could send crafted requests to read the database ...
CVE-2026-20002
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...
CVE-2026-20002
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...
CVE-2026-20002
Cisco Secure FMC Software’s web-based management interface is affected by an SQL injection due to inadequate input validation. An authenticated, remote attacker with valid credentials could craft requests to access the database and read certain OS files, with high impact to confidentiality and in...
CVE-2026-20002
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...
CVE-2019-25505
CVE-2019-25505 affects Tradebox 5.4. The vulnerability is an SQL injection via the symbol parameter in the monthly_deposit endpoint, allowing authenticated attackers to manipulate database queries. Reported techniques include boolean-based blind, time-based blind, error-based, and union-based SQL...
CVE-2019-25505
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...