Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18290 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. | |||||
CVE-2017-18289 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET type parameter. | |||||
CVE-2017-18288 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. | |||||
CVE-2017-18287 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. | |||||
CVE-2018-11722 | 1 Wuzhicms | 1 Wuzhicms | 2018-07-23 | 7.5 HIGH | 9.8 CRITICAL |
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | |||||
CVE-2018-12052 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-07-17 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | |||||
CVE-2018-12055 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-07-17 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | |||||
CVE-2018-10466 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2018-07-13 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | |||||
CVE-2016-6619 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-08 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6616 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-08 | 6.8 MEDIUM | 7.5 HIGH |
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | |||||
CVE-2018-11140 | 1 Quest | 1 Kace System Management Appliance | 2018-07-02 | 7.5 HIGH | 9.8 CRITICAL |
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | |||||
CVE-2018-10094 | 1 Dolibarr | 1 Dolibarr | 2018-07-02 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | |||||
CVE-2018-11136 | 1 Quest | 1 Kace System Management Appliance | 2018-06-29 | 7.5 HIGH | 9.8 CRITICAL |
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | |||||
CVE-2018-11535 | 1 Sitemakin | 1 Slac | 2018-06-29 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | |||||
CVE-2018-11309 | 1 Membermouse | 1 Membermouse | 2018-06-28 | 7.5 HIGH | 9.8 CRITICAL |
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. | |||||
CVE-2018-11515 | 1 Gvectors | 1 Wpforo | 2018-06-28 | 5.0 MEDIUM | 9.8 CRITICAL |
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | |||||
CVE-2018-11444 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2018-06-27 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. | |||||
CVE-2018-11470 | 1 Iscripts | 1 Eswap | 2018-06-27 | 6.5 MEDIUM | 8.8 HIGH |
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. | |||||
CVE-2018-11231 | 1 Divido | 1 Divido | 2018-06-26 | 6.8 MEDIUM | 8.1 HIGH |
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. | |||||
CVE-2018-11373 | 1 Iscripts | 1 Eswap | 2018-06-25 | 7.5 HIGH | 9.8 CRITICAL |
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. |