sql injection vulnerabilities and exploits

7.5
HIGH
CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled....

NA
CVE-2019-8923

XAMPP is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the cds-fpdf.php script using the jahr parameter, which could allow the attacker to view, add, modify or delete information in the back-end database....

7.5
HIGH
CVE-2019-8360

Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter....

7.5
HIGH
CVE-2015-4615

Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables...

NA
CVE-2018-20556

WordPress Booking Calendar version 8.4.3 suffers from a remote SQL injection vulnerability....

NA
CVE-2014-8089

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind....

5
MEDIUM
CVE-2018-17542

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request....

7.5
HIGH
CVE-2018-20779

Traq 3.7.1 allows SQL Injection via a tickets?search= URI....

7.5
HIGH
CVE-2018-20770

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection....

7.5
HIGH
CVE-2018-13792

Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter....

7.5
HIGH
CVE-2019-7587

Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function....