Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19331 | 1 S-cms | 1 S-cms | 2018-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-18806 | 1 School Equipment Monitoring System Project | 1 School Equipment Monitoring System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | |||||
| CVE-2018-18804 | 1 Bakeshop Inventory System Project | 1 Bakeshop Inventory System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | |||||
| CVE-2018-18803 | 1 Curriculum Evaluation System Project | 1 Curriculum Evaluation System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | |||||
| CVE-2018-19349 | 1 Seacms | 1 Seacms | 2018-12-17 | 6.5 MEDIUM | 7.2 HIGH |
| In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | |||||
| CVE-2018-0685 | 1 Neo | 1 Debun Pop | 2018-12-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | |||||
| CVE-2018-18476 | 1 Nedap | 1 Mysql-binuuid-rails | 2018-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | |||||
| CVE-2018-18963 | 1 Degraupublicidade | 1 Degraupublicidade | 2018-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. | |||||
| CVE-2018-19221 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. | |||||
| CVE-2015-1310 | 1 Sybase | 1 Adaptive Server Enterprise | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||||
| CVE-2016-6818 | 1 Sap | 1 Business Intelligence Platform | 2018-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633. | |||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7096 | 1 Sap | 1 Emr Unwired | 2018-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-19061 | 1 Dedecms | 1 Dedecms | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | |||||
| CVE-2018-18887 | 1 S-cms | 1 S-cms | 2018-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | |||||
| CVE-2018-18832 | 1 Dkcms | 1 Dkcms | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. | |||||