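Filters CVEs associated with vulnerabilities classified as SQL Injection by publication year. The list is ordered with the most recently published entries first and can be narrowed further by the CVSS / EPSS risk indicators.
This view is intended to help security teams keep track of recent vulnerability disclosures and trends and quickly identify high-risk issues and the likelihood of exploitation.
Showing CVEs published in 2019 and classified as SQL Injection.
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |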
|---|---|---|---|---|---|
| CVE-2015-5591 | SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands. | 7.2 | 4.34% | 2019-12-31 | 2024-11-21 |
| CVE-2019-7478 | A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | 9.8 | 0.48% | 2019-12-31 | 2024-11-21 |
| CVE-2019-19734 | _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | 8.8 | 0.26% | 2019-12-30 | 2024-11-21 |
| CVE-2019-19732 | translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | 7.2 | 0.27% | 2019-12-30 | 2024-11-21 |
| CVE-2019-6012 | SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 7.2 | 1.03% | 2019-12-26 | 2024-11-21 |
| CVE-2019-18234 | Equinox Control Expert, all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code. | 9.8 | 0.21% | 2019-12-23 | 2024-11-21 |
| CVE-2019-17527 | dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. | 9.8 | 0.26% | 2019-12-19 | 2024-11-21 |
| CVE-2019-7484 | Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | 6.5 | 0.38% | 2019-12-19 | 2024-11-21 |
| CVE-2019-8600 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution. | 9.8 | 12.70% | 2019-12-18 | 2024-11-21 |
| CVE-2019-19846 | In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. | 9.8 | 1.37% | 2019-12-18 | 2024-11-21 |
| CVE-2019-7481 KEV | Vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | 7.5 | 94.34% | 2019-12-17 | 2025-10-31 |
| CVE-2019-19850 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. | 7.2 | 0.34% | 2019-12-17 | 2024-11-21 |
| CVE-2019-15933 | Intesync Solismed 3.3sp has SQL Injection. | 9.8 | 0.38% | 2019-12-12 | 2024-11-21 |
| CVE-2019-19740 | Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | 9.8 | 0.78% | 2019-12-12 | 2024-11-21 |
| CVE-2014-7257 | SQL injection vulnerability in DBD::PgPP 0.05 and earlier | 9.8 | 0.31% | 2019-12-11 | 2024-11-21 |
| CVE-2013-5743 | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 9.8 | 77.79% | 2019-12-11 | 2024-11-21 |
| CVE-2019-19650 | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 8.8 | 7.05% | 2019-12-11 | 2024-11-21 |
| CVE-2019-19649 | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 | 50.40% | 2019-12-11 | 2024-11-21 |
| CVE-2015-3424 | SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | 8.8 | 0.54% | 2019-12-09 | 2024-11-21 |
| CVE-2018-7282 | The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi. | 9.8 | 68.82% | 2019-12-06 | 2024-11-21 |