Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17382 | 1 Thephpfactory | 1 Jobs Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter. | |||||
| CVE-2018-17383 | 1 Thephpfactory | 1 Collection Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter. | |||||
| CVE-2018-17394 | 1 Osthemeclub | 1 Timetable Schedule | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. | |||||
| CVE-2018-17391 | 1 Super Cms Blog Pro Project | 1 Super Cms Blog Pro | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. | |||||
| CVE-2018-17385 | 1 Thephpfactory | 1 Social Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter. | |||||
| CVE-2018-17397 | 1 Multiplanet | 1 Alphaindex Dictionaries | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. | |||||
| CVE-2018-17377 | 1 Extensiondeveloper | 1 Questions | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. | |||||
| CVE-2018-17376 | 1 Thephpfactory | 1 Reverse Auction Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter. | |||||
| CVE-2018-17384 | 1 Thephpfactory | 1 Swap Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-17378 | 1 Thephpfactory | 1 Penny Auction Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-17375 | 1 Joomlathat | 1 Music Collection | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter. | |||||
| CVE-2015-8298 | 1 Rxtec | 1 Rxadmin | 2018-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm. | |||||
| CVE-2018-15904 | 1 A10networks | 1 Acos Web Application Firewall | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008. | |||||
| CVE-2018-14592 | 1 Cwjoomla | 2 Cw Article Attachments Free, Cw Article Attachments Pro | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. | |||||
| CVE-2018-17129 | 1 Metinfo | 1 Metinfo | 2018-11-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | |||||
| CVE-2018-17110 | 1 Tecdiary | 1 Simple Pos | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. | |||||
| CVE-2008-6124 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2018-11-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. | |||||
| CVE-2018-16822 | 1 Seacms | 1 Seacms | 2018-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | |||||
| CVE-2018-17035 | 1 Ucms Project | 1 Ucms | 2018-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. | |||||
| CVE-2018-16436 | 1 Gxlcms | 1 Gxlcms | 2018-11-05 | 6.5 MEDIUM | 7.2 HIGH |
| Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. | |||||