Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5083 | 1 Phpnuke | 2 Php-nuke, Web Links Module | 2019-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. | |||||
| CVE-2019-9087 | 1 Digitaldruid | 1 Hoteldruid | 2019-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | |||||
| CVE-2019-9086 | 1 Digitaldruid | 1 Hoteldruid | 2019-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | |||||
| CVE-2019-12939 | 1 Livezilla | 1 Livezilla | 2019-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | |||||
| CVE-2019-12960 | 1 Livezilla | 1 Livezilla | 2019-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | |||||
| CVE-2018-15892 | 1 Freepbx | 1 Disa | 2019-06-24 | 6.0 MEDIUM | 4.3 MEDIUM |
| FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page. | |||||
| CVE-2015-6811 | 1 Cyberoam | 2 Cr500ing-xp, Cyberoamos | 2019-06-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | |||||
| CVE-2018-15868 | 1 Chronoscan | 1 Chronoscan | 2019-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. | |||||
| CVE-2018-16116 | 1 Sophos | 2 Sfos, Xg Firewall | 2019-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | |||||
| CVE-2018-16251 | 1 Creatiwity | 1 Witycms | 2019-06-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters. | |||||
| CVE-2018-17386 | 1 Thephpfactory | 1 Micro Deal Factory | 2019-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/. | |||||
| CVE-2018-17388 | 1 Ranksol | 1 Twilio Web To Fax Machine System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php. | |||||
| CVE-2018-17374 | 1 Thephpfactory | 1 Auction Factory | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-17381 | 1 Thephpfactory | 1 Dutch Auction Factory | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-18758 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757. | |||||
| CVE-2018-18757 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. | |||||
| CVE-2018-17393 | 1 Healthnode Hospital Management System Project | 1 Healthnode Hospital Management System | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. | |||||
| CVE-2018-17398 | 1 Arenam | 1 Amgallery | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. | |||||
| CVE-2018-17399 | 1 Jimtawl Project | 1 Jimtawl | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. | |||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2019-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | |||||