SQL injection vulnerabilities and exploits

7.5
HIGH
CVE-2019-8428

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value....

7.5
HIGH
CVE-2019-8429

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter....

NA
CVE-2019-8349

Htmly is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the destination or content parameter in a specially-crafted URL to execute script in a victim's Web browser within the...

6.5
MEDIUM
CVE-2019-8421

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter....

6.5
MEDIUM
CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php....

7.5
HIGH
CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled....

NA
CVE-2019-8923

XAMPP is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the cds-fpdf.php script using the jahr parameter, which could allow the attacker to view, add, modify or delete information in the back-end database....

7.5
HIGH
CVE-2019-8360

Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter....

7.5
HIGH
CVE-2015-4615

Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables...

6.5
MEDIUM
CVE-2018-20556

SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter....