• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2019-12385

February 26, 2023 by

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.

CVE-2019-12348

February 26, 2023 by

An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.

CVE-2019-12349

February 26, 2023 by

An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.

CVE-2019-12350

February 26, 2023 by

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

CVE-2019-12351

February 26, 2023 by

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

CVE-2019-12352

February 26, 2023 by

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 534
  • Go to page 535
  • Go to page 536
  • Go to page 537
  • Go to page 538
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE