• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2019-11448

February 26, 2023 by

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.

CVE-2019-11450

February 26, 2023 by

whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.

CVE-2019-11451

February 26, 2023 by

whatsns 4.0 allows index.php?inform/add.html qid SQL injection.

CVE-2019-11452

February 26, 2023 by

whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection.

CVE-2019-11469

February 26, 2023 by

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the “Execute Program Action(s)” feature.

CVE-2019-11362

February 26, 2023 by

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 542
  • Go to page 543
  • Go to page 544
  • Go to page 545
  • Go to page 546
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE