Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-18527 | 1 Owndms | 1 Ownticket | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. |
| CVE-2018-17446 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. |
| CVE-2018-18785 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. |
| CVE-2018-18786 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. |
| CVE-2018-18787 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. |
| CVE-2018-18789 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
| CVE-2018-18791 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. |
| CVE-2018-18792 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. |
| CVE-2018-18530 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. |
| CVE-2018-18529 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. |
| CVE-2018-18427 | 1 S-cms | 1 S-cms | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL | s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. |
| CVE-2018-18486 | 1 Phpshe | 1 Phpshe | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. |
| CVE-2018-18488 | 1 Gxlcms | 1 Gxlcms | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. |
| CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. |
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. |
| CVE-2018-17852 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. |
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. |
| CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. |
| CVE-2018-17575 | 1 Swa | 1 Swa.jacad | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. |
| CVE-2018-14956 | 1 Isweb | 1 Isweb | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. |
| CVE-2018-18200 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. |
| CVE-2018-18242 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL | youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. |
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2018-11-20 | 7.5 HIGH | 9.8 CRITICAL | In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. |
| CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. |
| CVE-2018-17379 | 1 Thephpfactory | 1 Raffle Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17380 | 1 Thephpfactory | 1 Article Factory Manager | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. |
| CVE-2018-17382 | 1 Thephpfactory | 1 Jobs Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter. |
| CVE-2018-17383 | 1 Thephpfactory | 1 Collection Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter. |
| CVE-2018-17394 | 1 Osthemeclub | 1 Timetable Schedule | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. |
| CVE-2018-17391 | 1 Super Cms Blog Pro Project | 1 Super Cms Blog Pro | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. |
| CVE-2018-17385 | 1 Thephpfactory | 1 Social Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter. |
| CVE-2018-17397 | 1 Multiplanet | 1 Alphaindex Dictionaries | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. |
| CVE-2018-17377 | 1 Extensiondeveloper | 1 Questions | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. |
| CVE-2018-17376 | 1 Thephpfactory | 1 Reverse Auction Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter. |
| CVE-2018-17384 | 1 Thephpfactory | 1 Swap Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17378 | 1 Thephpfactory | 1 Penny Auction Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17375 | 1 Joomlathat | 1 Music Collection | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter. |
| CVE-2015-8298 | 1 Rxtec | 1 Rxadmin | 2018-11-13 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm. |
| CVE-2018-15904 | 1 A10networks | 1 Acos Web Application Firewall | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL | A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008. |
| CVE-2018-14592 | 1 Cwjoomla | 2 Cw Article Attachments Free, Cw Article Attachments Pro | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL | The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. |
| CVE-2018-17243 | 1 Zohocorp | 1 Manageengine Opmanager | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL | Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. |
| CVE-2018-17110 | 1 Tecdiary | 1 Simple Pos | 2018-11-09 | 7.5 HIGH | 9.8 CRITICAL | Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. |
| CVE-2018-16822 | 1 Seacms | 1 Seacms | 2018-11-07 | 7.5 HIGH | 9.8 CRITICAL | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. |
| CVE-2018-17035 | 1 Ucms Project | 1 Ucms | 2018-11-07 | 7.5 HIGH | 9.8 CRITICAL | UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. |
| CVE-2018-17136 | 1 Zzcms | 1 Zzcms | 2018-11-01 | 7.5 HIGH | 9.8 CRITICAL | zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. |
| CVE-2018-16385 | 1 Thinkphp | 1 Thinkphp | 2018-10-31 | 7.5 HIGH | 9.8 CRITICAL | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. |
| CVE-2016-5703 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. |
| CVE-2018-16762 | 1 Thedaylightstudio | 1 Fuel Cms | 2018-10-29 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. |
| CVE-2018-16724 | 1 Baijiacms Project | 1 Baijiacms | 2018-10-26 | 7.5 HIGH | 9.8 CRITICAL | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
| CVE-2018-16353 | 1 Fhcrm Project | 1 Fhcrm | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. |
