Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2451 | 1 Inmedias | 1 Statistics | 2019-03-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2018-17420 | 1 Zrlog | 1 Zrlog | 2019-03-08 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | |||||
CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2019-03-08 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | |||||
CVE-2018-17416 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | |||||
CVE-2018-17415 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 6.5 MEDIUM | 8.8 HIGH |
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | |||||
CVE-2018-17414 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 6.5 MEDIUM | 8.8 HIGH |
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | |||||
CVE-2018-17412 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 7.5 HIGH | 9.8 CRITICAL |
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. | |||||
CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-03-07 | 7.5 HIGH | 10.0 CRITICAL |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | |||||
CVE-2019-9626 | 1 Phpshe | 1 Phpshe | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. | |||||
CVE-2018-18450 | 1 Pbootcms | 1 Pbootcms | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | |||||
CVE-2019-9594 | 1 Bluecms Project | 1 Bluecms | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. | |||||
CVE-2018-6329 | 1 Unitrends | 1 Backup | 2019-03-07 | 10.0 HIGH | 9.8 CRITICAL |
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. | |||||
CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | |||||
CVE-2018-8734 | 1 Nagios | 1 Nagios Xi | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | |||||
CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | |||||
CVE-2018-7033 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2019-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | |||||
CVE-2018-8057 | 1 Westernbridgegroup | 1 Razor | 2019-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | |||||
CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
CVE-2019-9047 | 1 Fizzday | 1 Gorose | 2019-02-25 | 7.5 HIGH | 9.8 CRITICAL |
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | |||||
CVE-2016-1000271 | 1 Dthdevelopment | 1 Dt Register | 2019-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. |