Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6883 | 1 Piwigo | 1 Piwigo | 2018-03-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. | |||||
| CVE-2018-7463 | 1 Asanhamayesh | 1 Asanhamayesh Cms | 2018-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | |||||
| CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. | |||||
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2018-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. | |||||
| CVE-2018-6859 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | |||||
| CVE-2014-4977 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. | |||||
| CVE-2012-3951 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 7.5 HIGH | N/A |
| The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. | |||||
| CVE-2012-2962 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. | |||||
| CVE-2018-5983 | 1 Jquickcontact Project | 1 Jquickcontact | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. | |||||
| CVE-2018-5987 | 1 Social Pinboard Project | 1 Social Pinboard | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. | |||||
| CVE-2018-1414 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820. | |||||
| CVE-2017-18194 | 1 Hamayeshnegar | 1 Hamayeshnegar Cms | 2018-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. | |||||
| CVE-2017-5814 | 1 Hp | 1 Network Automation | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||||
| CVE-2017-5812 | 1 Hp | 1 Network Automation | 2018-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||||
| CVE-2017-5810 | 1 Hp | 1 Network Automation | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||||
| CVE-2018-6928 | 1 News Website Script Project | 1 News Website Script | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | |||||
| CVE-2018-6893 | 1 Finecms | 1 Finecms | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. | |||||
| CVE-2018-7314 | 1 Mlwebtechnologies | 1 Prayercenter | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. | |||||
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | |||||
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | |||||