CVE-2019-7003

CRITICAL Year: 2019
CVSS v3 Score
9.3
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.

Related Vulnerabilities

CVE-2020-9265

CRITICAL
CVSS:9.3(Critical)

phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.

CWE-892020

CVE-2023-28787

CRITICAL
CVSS:9.3(Critical)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1...

CWE-892023

CVE-2024-32128

CRITICAL
CVSS:9.3(Critical)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a thro...

CWE-892024

CVE-2024-32709

CRITICAL
CVSS:9.3(Critical)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.

CWE-892024

CVE-2024-33544

CRITICAL
CVSS:9.3(Critical)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10.

CWE-892024

CVE-2024-33559

CRITICAL
CVSS:9.3(Critical)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.

CWE-892024