SQL injection vulnerabilities and exploits

NA
CVE-2019-7755

webERP 4.15 - 'ImportBankTransaction' Blind SQL Injection...

NA
CVE-2019-8924

XAMPP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the cds-fpdf.php script. A remote attacker could exploit this vulnerability using the interpret or titel parameter to inject malicious script into a Web page which would be execut...

NA
CVE-2012-2593

AtMail Email Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerability is due to improper session management used by the device web-based management interface. An unauthe...

7.5
HIGH
CVE-2019-8428

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value....

7.5
HIGH
CVE-2019-8429

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter....

7.5
HIGH
CVE-2019-8423

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter....

7.5
HIGH
CVE-2019-8424

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter....

NA
CVE-2019-8349

Htmly is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the destination or content parameter in a specially-crafted URL to execute script in a victim's Web browser within the ...

6.5
MEDIUM
CVE-2019-8421

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter....

6.5
MEDIUM
CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php....

7.5
HIGH
CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled....