What are SQL Injection Vulnerabilities

Signature update for June 2020

| Signature ID | CVE ID | Signature name |
|---|---|---|
| 999580 | CVE-2020-6010 | WEB-WORDPRESS LearnPress LMS plug-in prior to 3.2.6.9 - SQL Injection Vulnerability (CVE-2020-6010) |
| 999581 | | WEB-MISC Nagios XI up to 5.6.13 - Vulnerability caused by Service Command_Testing arbitrary commands |
| 999582 | CVE-2020-0932 | Microsoft SharePoint Server Remote Code Execution Over SOAP 1.2 Vulnerability in WebPart Source Markup (CVE-2020-0932) |
| 999583 | CVE-2020-0932 | Microsoft SharePoint Server Remote Code Execution Over SOAP 1.1 Vulnerability in WebPart Source Markup (CVE-2020-0932) |
| 999584 | CVE-2020-12642 | WEB-WORDPRESS Ninja Forms-Plug-In prior to 3.4.24.2 - Security vulnerability with cross-location falsification of requests via import fields (CVE-2020-12642) |
| 999585 | CVE-2020-12642 | WEB-WORDPRESS Ninja Forms-Plug-In prior to 3.4.24.2 - Vulnerability in the case of website falsification via import form (CVE-2020-12642) |
| 999586 | CVE-2020-11450 | WEB-MISC Microstrategy Web 10.4 Information Disclosure Vulnerability (CVE-2020-11450) |
| 999587 | CVE-2020-7935 | WEB-MISC Artica Pandora FMS 7.0 - Unrestricted upload of files with dangerous type enables RCE (CVE-2020-7935) |
| 999588 | CVE-2020-12116 | WEB-MISC Zoho ManageEngine OPManager Pre-Build 125125 - Zoho ManageEngine - Information Disclosure Vulnerability (CVE-2020-12116) |
| 999589 | | WEB-WORDPRESS Elementor Page Builder prior to 2.9.6 - Privilege escalation vulnerability |
| 999590 | CVE-2020-11738 | WEB-WORDPRESS - SnapCreek Duplicator plug-in prior to 1.3.28 - Path Traversal Vulnerability (CVE-2020-11738) |
| 999591 | CVE-2020-10389 | WEB-MISC Chadha PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability (CVE-2020-10389) |
| 999592 | CVE-2020-11516 | WEB-WORDPRESS contact form 7 Datepicker plug-in Up to 2.6.0 - Stored Cross-Site-Scripting Vulnerability (CVE-2020-11516) |
| 999593 | | WEB-MISC Nagios XI up to 5.6.13 - Vulnerability when executing any commands in the export RRD above step |
| 999594 | | WEB-MISC Nagios XI up to 5.6.13 - Vulnerability due to the execution of arbitrary commands in the export RRD over end |
| 999595 | | WEB-MISC Nagios XI up to 5.6.13 - Export-RRD Vulnerability when executing arbitrary commands via start |
| 999596 | CVE-2019-19799 | Zoho ManageEngine Applications Manager prior to 14600 Information Disclosure Vulnerability (CVE-2019-19799) |
| 999597 | CVE-2020-10458 | WEB-MISC Chadha PHPKB Standard Multilingual 9 - Random Folder Deletion Vulnerability (CVE-2020-10458) |
| 999598 | CVE-2017-9822 | WEB-MISC DNN Before 9.1.1 - DNNPersonalization Cookie Remote Code Execution Vulnerability (CVE-2017-9822) |
| 999599 | CVE-2020-7953 | WEB-MISC OpServices OPMon 9.3.2 - Vulnerability due to disclosure of unauthenticated information via nmap_options Param (CVE-2020-7953) |
| 999600 | CVE-2020-7953 | WEB-MISC OpServices OPMon 9.3.2 - Vulnerability due to disclosure of unauthenticated information about host parameters (CVE-2020-7953) |
| 999601 | | WEB-MISC Bolt CMS 3.7.0 - File renaming in a vulnerability caused by a dangerous type via the novel parameter |
| 999602 | | WEB-MISC Bolt CMS 3.7.0 - Vulnerability in path execution through newer parameters |
| 999603 | | WEB-MISC Bolt CMS 3.7.0 - Vulnerability over oldname parameter |
| 999604 | | WEB-MISC Bolt CMS 3.7.0 - High-Parameter Path Execution Vulnerability |
| 999605 | | WEB-MISC Bolt CMS 3.7.0 - Vulnerability regarding improper field validation in the displayname parameter |
| 999606 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - View Log Incorrect Authorization Vulnerability (CVE-2020-9004) |
| 999607 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Vulnerability in Media Cache Settings (CVE-2020-9004) |
| 999608 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Incorrect Authorization in Application Settings Vulnerability (CVE-2020-9004) |
| 999609 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Incorrect Authorization in Server Settings Vulnerability (CVE-2020-9004) |
| 999610 | | WEB-MISC PrestaShop 1.7.6.5 - Vulnerability in CSRF via file manager |
| 999611 | CVE-2020-10238 | WEB-MISC Joomla! Reverting to 3.9.16 - Security Bypass Vulnerability Using com_templates (CVE-2020-10238) |
| 999612 | CVE-2020-11510 | WEB-WORDPRESS LearnPress LMS-Plug-in Before 3.2.6.9 - Privilege escalation Via learnpress_create_page (CVE-2020-11510) |
| 999613 | CVE-2020-11510 | WEB-WORDPRESS LearnPress LMS-Plugin before 3.2.6.9 - Privilege escalation Via learnpress_update_order_status (CVE-2020-11510) |
| 999614 | CVE-2020-8636 | WEB-MISC OpServices OPMon 9.3.2 - Vulnerability in unauthenticated remote code execution via nmap_options parameter (CVE-2020-8636) |
| 999615 | CVE-2020-8636 | WEB-MISC OpServices OPMon 9.3.2 Vulnerability in Unauthenticated Remote Code Execution Using Host Parameters (CVE-2020-8636) |
| 999616 | CVE-2020-11511 | WEB-WORDPRESS LearnPress LMS plug-in prior to 3.2.6.9 - Privilege escalation via accept teacher (CVE-2020-11511) |
| 999617 | CVE-2020-11451 | WEB-MISC Microstrategy Web - File Uploading Via JSP Vulnerability (CVE-2020-11451) |
| 999618 | CVE-2020-11451 | WEB-MISC Microstrategy Web - File Uploading Via ASP Vulnerability (CVE-2020-11451) |
| 999619 | CVE-2020-11515 | WEB-WORDPRESS WP SEO Plug-in Rank Math before 1.0.41 - Redirect security vulnerability via REST-API through URL (CVE-2020-11515) |
| 999620 | CVE-2020-11515 | WEB-WORDPRESS WP SEO Plug-in Rank Math Before 1.0.41 - Security vulnerability when redirecting via REST API rest_route Param (CVE-2020-11515) |
| 999621 | CVE-2020-10457 | WEB-MISC Chadha PHPKB Standard multilingual 9 - Vulnerability caused by renaming arbitrary files via IMGName (CVE-2020-10457) |
| 999622 | CVE-2020-10457 | WEB-MISC Chadha PHPKB Standard multilingual 9 - Vulnerability caused by renaming of arbitrary files via IMGURL (CVE-2020-10457) |
| 999623 | CVE-2019-1821 | WEB-MISC Cisco Prime Infrastructure Remote Code Execution Vulnerability (CVE-2019-1821) |
| 999624 | | WEB-WORDPRESS Page Builder-Plugin before October 2nd, 2016 - CSRF vulnerability Via Ajax action_builder_content |
| 999625 | | WEB-WORDPRESS Page Builder-Plugin before October 2nd, 2016 - CSRF vulnerability via Live Editor |
| 999626 | CVE-2020-11514 | WEB-WORDPRESS WP SEO Plug-in Rank Math Before 1.0.41 - Escalation of privileges via REST API via URL (CVE-2020-11514) |
| 999627 | CVE-2020-11514 | WEB-WORDPRESS WP SEO Plug-in Rank Math Before 1.0.41 - Escalation of privileges via REST API rest_route Param (CVE-2020-11514) |
| 999628 | CVE-2019-6713 | WEB-MISC ThinkCMF prior to 5.0.190312 - Code Injection Vulnerability via /route/editpost.html (CVE-2019-6713) |
| 999629 | CVE-2019-6713 | WEB-MISC ThinkCMF prior to 5.0.190312 - /route/addpost.html Code Injection Vulnerability (CVE-2019-6713) |
| 999630 | | WEB-WORDPRESS Google Site Kit plug-in prior to 1.8.0 - Unprotected verification vulnerability |
| 999631 | CVE-2020-9315 | WEB-MISC Oracle iPlanet Web Server 7.0.x - Incorrect Access Control Vulnerability (CVE-2020-9315) |
| 999632 | CVE-2020-1947 | WEB-MISC Apache ShardingSphere 4.0.0-RC3 and 4.0.0 - SnakeYAML Remote Code Execution Vulnerability (CVE-2020-1947) |
| 999633 | CVE-2020-7961 | Liferay Portal prior to 7.2.1 CE GA2 - Vulnerability in JSONWS deserialization RCE over JSON-RPC (CVE-2020-7961) |
| 999634 | CVE-2020-7961 | Liferay Portal prior to 7.2.1 CE GA2 - Vulnerability in JSONWS deserialization RCE via URL path (CVE-2020-7961) |
| 999635 | CVE-2020-7961 | Liferay Portal prior to 7.2.1 CE GA2 - Vulnerability in JSONWS deserialization RCE via form and URI query (CVE-2020-7961) |
| 999636 | CVE-2020-8518 | WEB-MISC Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution Vulnerability (CVE-2020-8518) |
| 999637 | CVE-2020-7351 | WEB-MISC Fonality Trixbox CE 2.8.0.4 and above - Remote Code Execution Vulnerability (CVE-2020-7351) |
| 999638 | CVE-2020-12720 | WEB-MISC vBulletin prior to version 5.6.1 Patch Level 1 - Unauthenticated SQL Injection Vulnerability (CVE-2020-12720) |
| 999639 | CVE-2019-19800 | Zoho ManageEngine Applications Manager prior to 14520 Path Traversal Vulnerability (CVE-2019-19800) |
| 999640 | CVE-2020-10386 | WEB-MISC Chadha PHPKB Standard Multilingual 9 - Remote Code Execution (CVE-2020-10386) |
| 999641 | CVE-2020-8497 | WEB-MISC Artica Pandora FMS 7.0 Unauthenticated Information Disclosure Vulnerability (CVE-2020-8497) |
| 999642 | CVE-2020-6009 | WEB-WORDPRESS LearnDash LMS plug-in prior to 3.1.6 - Unauthenticated SQL injection vulnerability (CVE-2020-6009) |