Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19898 | 1 Thinkcmf | 1 Thinkcmf | 2018-12-26 | 6.5 MEDIUM | 8.8 HIGH |
| ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. | |||||
| CVE-2018-19897 | 1 Thinkcmf | 1 Thinkcmf | 2018-12-26 | 6.5 MEDIUM | 7.2 HIGH |
| ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action. | |||||
| CVE-2018-19896 | 1 Thinkcmf | 1 Thinkcmf | 2018-12-26 | 6.5 MEDIUM | 7.2 HIGH |
| ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. | |||||
| CVE-2018-19895 | 1 Thinkcmf | 1 Thinkcmf | 2018-12-26 | 6.5 MEDIUM | 7.2 HIGH |
| ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. | |||||
| CVE-2018-19894 | 1 Thinkcmf | 1 Thinkcmf | 2018-12-26 | 6.5 MEDIUM | 7.2 HIGH |
| ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | |||||
| CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | |||||
| CVE-2018-19468 | 1 Hucart | 1 Hucart | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | |||||
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | |||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | |||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | |||||
| CVE-2018-18822 | 1 Grapixel | 1 New Media | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. | |||||
| CVE-2016-10731 | 1 Projectsend | 1 Projectsend | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action. | |||||
| CVE-2014-8367 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2018-12-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-19434 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | |||||
| CVE-2018-19435 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | |||||
| CVE-2018-19436 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | |||||
| CVE-2018-18801 | 1 Bsen Ordering Software Project | 1 Bsen Ordering Software | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | |||||
| CVE-2018-18796 | 1 Library Management System Project | 1 Library Management System | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | |||||
| CVE-2018-18795 | 1 School Event Management System Project | 1 School Event Management System | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | |||||
| CVE-2018-18763 | 1 Saltos | 1 Saltos | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | |||||