Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4633 | 1 Koha | 1 Koha | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. | |||||
CVE-2018-18546 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | |||||
CVE-2018-18705 | 1 Phptpoint | 1 Hospital Management System | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. | |||||
CVE-2018-18704 | 1 Phptpoint | 1 Pharmacy Management System | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. | |||||
CVE-2018-18702 | 1 Icmsdev | 1 Icms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | |||||
CVE-2018-18550 | 1 Serverscheck | 1 Serverscheck | 2018-12-04 | 6.5 MEDIUM | 8.8 HIGH |
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | |||||
CVE-2018-18527 | 1 Owndms | 1 Ownticket | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | |||||
CVE-2018-17446 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
CVE-2018-18785 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | |||||
CVE-2018-18786 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. | |||||
CVE-2018-18788 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) | |||||
CVE-2018-18784 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | |||||
CVE-2018-18787 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | |||||
CVE-2018-18789 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. | |||||
CVE-2018-18790 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) | |||||
CVE-2018-18791 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. | |||||
CVE-2018-18792 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. | |||||
CVE-2018-18530 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | |||||
CVE-2018-18529 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | |||||
CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2018-12-03 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | |||||