Vulmon Recent Vulnerabilities Discussions Trends Blog About Contact

sql injection vulnerabilities and exploits

NA
CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0...

6.5
CVSSv2
CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web...

Formalms
6.5
CVSSv2
CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web...

Formalms
6.5
CVSSv2
CVE-2019-5109

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...

Formalms
6.5
CVSSv2
CVE-2019-5110

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...

Formalms
5
CVSSv2
CVE-2019-19016

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance...

NA
CVE-2019-19245

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used....

NA
CVE-2019-15300

A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query....

NA
CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6....

NA
CVE-2011-1933

SQL injection vulnerability in Jifty::DBI before 0.68....

CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-11923CVE-2019-19522CVE-2019-19587CVE-2019-19520shadowsocks-libevfirmwareshadowsockscross-site scriptinglog injectionformalmsCVE-2013-2745CVE-2019-3690