SQL injection vulnerabilities and exploits

NA
CVE-2019-5786

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in FileReader. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system....

6.5
CVSSv2
CVE-2019-6491

RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection....

7.5
CVSSv2
CVE-2019-5722

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number....

7.5
CVSSv2
CVE-2019-9083

SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued....

4.3
CVSSv2
CVE-2018-20140

Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters....

6.5
CVSSv2
CVE-2018-20556

SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter....

4.3
CVSSv2
CVE-2018-20121

Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter....

7.5
CVSSv2
CVE-2018-19515

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users....

4.3
CVSSv2
CVE-2018-19509

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to...

4.3
CVSSv2
CVE-2018-19511

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password....