Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17243 | 1 Zohocorp | 1 Manageengine Opmanager | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | |||||
CVE-2018-18427 | 1 S-cms | 1 S-cms | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. | |||||
CVE-2018-18486 | 1 Phpshe | 1 Phpshe | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. | |||||
CVE-2018-18488 | 1 Gxlcms | 1 Gxlcms | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. | |||||
CVE-2018-18211 | 1 Pbootcms | 1 Pbootcms | 2018-11-26 | 6.8 MEDIUM | 8.1 HIGH |
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | |||||
CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | |||||
CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | |||||
CVE-2018-17562 | 1 Multitech | 1 Faxfinder | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | |||||
CVE-2018-17852 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | |||||
CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. The backend was endangered, and the frontend only if rex_list was used. | |||||
CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | |||||
CVE-2018-17575 | 1 Swa | 1 Swa.jacad | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | |||||
CVE-2018-14956 | 1 Isweb | 1 Isweb | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | |||||
CVE-2018-7107 | 1 Hpe | 1 Device Entitlement Gateway | 2018-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege. | |||||
CVE-2018-18200 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | |||||
CVE-2018-18242 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. | |||||
CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2018-11-20 | 7.5 HIGH | 9.8 CRITICAL |
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | |||||
CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | |||||
CVE-2018-17379 | 1 Thephpfactory | 1 Raffle Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
CVE-2018-17380 | 1 Thephpfactory | 1 Article Factory Manager | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. |