sql injection vulnerabilities and exploits

NA
CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to...

NA
CVE-2015-9323

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection....

NA
CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection....

NA
CVE-2014-10376

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection....

NA
CVE-2015-9326

The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection....

7.5
CVSSv2
CVE-2017-18548

The note-press plugin before 0.1.2 for WordPress has SQL injection....

NA
CVE-2016-10904

The olimometer plugin before 2.57 for WordPress has SQL injection....

NA
CVE-2015-9325

The visitors-online plugin before 0.4 for WordPress has SQL injection....

NA
CVE-2019-15104

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently...

NA
CVE-2019-15105

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can...