Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6308 | 1 Sugarcrm | 1 Sugarcrm | 2018-02-12 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | |||||
CVE-2017-17999 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | |||||
CVE-2018-5973 | 1 Eihitech | 1 Professional Local Directory Script | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | |||||
CVE-2018-5972 | 1 Quickad Project | 1 Quickad | 2018-02-08 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | |||||
CVE-2018-5988 | 1 Flexible Poll Project | 1 Flexible Poll | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | |||||
CVE-2018-5985 | 1 Livecrm | 1 Livecrm Saas Cloud | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. | |||||
CVE-2018-5984 | 1 Tumder Project | 1 Tumder | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. | |||||
CVE-2018-5979 | 1 Wchat Project | 1 Wchat | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | |||||
CVE-2018-5978 | 1 Zechat Project | 1 Zechat | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | |||||
CVE-2018-5977 | 1 Getaffiligator | 1 Affiligator | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | |||||
CVE-2017-16510 | 1 Wordpress | 1 Wordpress | 2018-02-04 | 7.5 HIGH | 9.8 CRITICAL |
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | |||||
CVE-2017-16716 | 1 Advantech | 1 Webaccess | 2018-02-02 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. | |||||
CVE-2017-7997 | 1 Gespage | 1 Gespage | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. | |||||
CVE-2017-5971 | 1 Newsbee Project | 1 Newsbee | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands. | |||||
CVE-2018-5695 | 1 Wpjobboard | 1 Wpjobboard | 2018-02-01 | 6.5 MEDIUM | 7.2 HIGH |
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. | |||||
CVE-2018-5697 | 1 Icyphoenix | 1 Icyphoenix | 2018-02-01 | 6.5 MEDIUM | 7.2 HIGH |
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. | |||||
CVE-2017-17970 | 1 Muvikoscript | 1 Muviko | 2018-01-31 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php. | |||||
CVE-2017-1670 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-31 | 7.5 HIGH | 9.8 CRITICAL |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637. | |||||
CVE-2018-5211 | 1 Phpsugar | 1 Php Melody | 2018-01-31 | 7.5 HIGH | 9.8 CRITICAL |
PHP Melody version 2.7.1 suffers from a time-based SQL injection on the page ajax.php via the playlist parameter. | |||||
CVE-2018-5315 | 1 Wp Events Calendar Project | 1 Wp Events Calendar | 2018-01-29 | 7.5 HIGH | 9.8 CRITICAL |
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. |