• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2019-17370

February 26, 2023 by

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks “into outfile” in a SELECT statement, but does not block the “into/**/outfile” manipulation. Therefore, the attacker can create a .php file.

CVE-2019-17318

February 26, 2023 by

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.

CVE-2019-17319

February 26, 2023 by

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.

CVE-2019-17271

February 26, 2023 by

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.

CVE-2019-17292

February 26, 2023 by

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.

CVE-2019-17293

February 26, 2023 by

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 508
  • Go to page 509
  • Go to page 510
  • Go to page 511
  • Go to page 512
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE