CVE-2019-25684
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...
CVE-2019-25676
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...
CVE-2019-25678
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...
CVE-2019-25674
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...
CVE-2019-25669
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...
CVE-2019-25662
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...
CVE-2019-25664
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...
CVE-2019-25675 eDirectory All Versions SQL Injection Authentication Bypass
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...
CVE-2019-25675
CVE-2019-25675 concerns the eDirectory product, affecting all versions per title, with multiple SQL injection vulnerabilities. The root cause is unparameterized SQL in the login flow, allowing unauthenticated attackers to bypass administrator authentication by injecting SQL into the key parameter...
CVE-2019-25704
CVE-2019-25704 relates to Kados R10 GreenBee and a reported SQL injection vulnerability exposed through the filter_user_mail parameter. The vulnerability allows an attacker to inject SQL code into database queries via crafted requests, with the potential to extract sensitive data or modify data. ...
CVE-2019-25704 Kados R10 GreenBee SQL Injection via filter_user_mail
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...
CVE-2019-25702 Kados R10 GreenBee SQL Injection via id_project Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database...
CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modi...
CVE-2019-25698
Kados R10 GreenBee has an SQL injection vulnerability in the id_to_delete parameter. Attackers can craft requests to manipulate SQL queries and potentially extract or modify sensitive data. The issue is documented across multiple feeds (NVD/CVE/CIRCL/etc.) with network-based access and high impac...
CVE-2019-25698 Kados R10 GreenBee SQL Injection via id_to_delete Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database...
CVE-2019-25696
CVE-2019-25696 – Kados R10 GreenBee SQL injection: The affected product is Kados R10 GreenBee. The vulnerability arises from a flaw in the language_tag parameter that allows attackers to inject SQL and manipulate database queries. Potential impacts are high confidentiality and high integrity com...
CVE-2019-25694 Kados R10 GreenBee SQL Injection via user2reset
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...