| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. |
| The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. |
| The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. |
| Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. |
| GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm. |
| FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. |
| The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. |
| DianoxDragon Hawn before 2019-07-10 allows SQL injection. |
| XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. |
| XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. |
| Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. |
| FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. |
| The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. |
| The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. |
| Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. |
| XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. |
| A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. |
| A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. |
| An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. |