Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16410 | 1 Vanillaforums | 1 Vanilla | 2018-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. | |||||
CVE-2018-16353 | 1 Fhcrm Project | 1 Fhcrm | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. | |||||
CVE-2018-16354 | 1 Fhcrm Project | 1 Fhcrm | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. | |||||
CVE-2018-16445 | 1 Seacms | 1 Seacms | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. | |||||
CVE-2018-16278 | 1 Phpkaiyuancms | 1 Phpopensourcecms | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. | |||||
CVE-2018-15893 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | |||||
CVE-2018-15894 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | |||||
CVE-2018-16159 | 1 Codemenschen | 1 Gift Vouchers | 2018-10-19 | 7.5 HIGH | 9.8 CRITICAL |
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | |||||
CVE-2007-1034 | 1 Php-nuke | 1 Emporium Module | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
CVE-2006-0750 | 1 Supersmashbrothers | 1 Army System | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | |||||
CVE-2006-0510 | 1 Daffodil Software | 1 Daffodil Crm | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action. | |||||
CVE-2006-0602 | 1 Hinton Design | 1 Phphg Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php. | |||||
CVE-2006-0692 | 1 Carey Briggs | 1 Php Mysql Timesheet | 2018-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | |||||
CVE-2006-0403 | 1 E-moblog | 1 E-moblog | 2018-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect. | |||||
CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||||
CVE-2006-0413 | 1 Newsphp | 1 Newsphp | 2018-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | |||||
CVE-2006-0205 | 1 Wordcircle | 1 Wordcircle | 2018-10-19 | 5.1 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | |||||
CVE-2006-0199 | 1 Mini-nuke | 1 Cms System | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | |||||
CVE-2006-0192 | 1 Philip Loftin | 1 Aspsurvey | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | |||||
CVE-2006-0123 | 1 Adn Forum | 1 Adn Forum | 2018-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. | |||||