Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000558 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2018-08-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. | |||||
| CVE-2018-0606 | 1 Pixelpost | 1 Pixelpost | 2018-08-17 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-1000552 | 1 Trovebox | 1 Trovebox | 2018-08-17 | 6.5 MEDIUM | 8.8 HIGH |
| Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | |||||
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | |||||
| CVE-2018-10997 | 1 Etere | 1 Etereweb | 2018-08-14 | 10.0 HIGH | 9.8 CRITICAL |
| Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | |||||
| CVE-2015-4043 | 1 Connx | 1 Esp Hr Management | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | |||||
| CVE-2018-12534 | 1 Quick Chat Project | 1 Quick Chat | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. | |||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||||
| CVE-2017-16542 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||||
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||||
| CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | |||||
| CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||||
| CVE-2018-12254 | 1 Harmistechnology | 1 Ek Rishta | 2018-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | |||||
| CVE-2018-12039 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. | |||||
| CVE-2018-12110 | 1 Portfoliocms Project | 1 Portfoliocms | 2018-07-27 | 6.5 MEDIUM | 7.2 HIGH |
| portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. | |||||
| CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | |||||
| CVE-2017-18291 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. | |||||