Total: 2383 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000474 | 1 Vehicle Sales Management System Project | 1 Vehicle Sales Management System | 2018-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code execution. | |||||
| CVE-2018-7477 | 1 School Management Script Project | 1 School Management Script | 2018-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | |||||
| CVE-2018-7463 | 1 Asanhamayesh | 1 Asanhamayesh Cms | 2018-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | |||||
| CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. | |||||
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2018-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. | |||||
| CVE-2018-6859 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | |||||
| CVE-2018-5983 | 1 Jquickcontact Project | 1 Jquickcontact | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. | |||||
| CVE-2018-5987 | 1 Social Pinboard Project | 1 Social Pinboard | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. | |||||
| CVE-2017-18194 | 1 Hamayeshnegar | 1 Hamayeshnegar Cms | 2018-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. | |||||
| CVE-2017-5814 | 1 Hp | 1 Network Automation | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| A remote SQL injection authentication bypass in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | |||||
| CVE-2017-5810 | 1 Hp | 1 Network Automation | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| A remote SQL injection vulnerability in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | |||||
| CVE-2018-6928 | 1 News Website Script Project | 1 News Website Script | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | |||||
| CVE-2018-6893 | 1 Finecms | 1 Finecms | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. | |||||
| CVE-2018-7314 | 1 Mlwebtechnologies | 1 Prayercenter | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. | |||||
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | |||||
| CVE-2018-5991 | 1 Web-dorado | 1 Form Maker | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | |||||
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | |||||
| CVE-2018-6368 | 1 Comdev | 1 Jomestate Pro | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | |||||
| CVE-2018-6370 | 1 Neojoomla | 1 Neorecruit | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. | |||||
| CVE-2018-6372 | 1 Joombooking | 1 Jb Bus | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. | |||||
| CVE-2018-6396 | 1 Google Map Landkarten Project | 1 Google Map Landkarten | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | |||||
| CVE-2018-6583 | 1 Quanticalabs | 1 Timetable Responsive Schedule | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | |||||
| CVE-2018-6585 | 1 Techjoomla | 1 Jticketing | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. | |||||
| CVE-2018-7313 | 1 Cwjoomla | 1 Cw Tags | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. | |||||
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | |||||
| CVE-2018-5971 | 1 Ordasoft | 1 Medialibrary | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. | |||||
| CVE-2018-5974 | 1 Albonico | 1 Simplecalendar | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. | |||||
| CVE-2018-5975 | 1 Thekrotek | 1 Smart Shoutbox | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. | |||||
| CVE-2018-5970 | 1 Techjoomla | 1 Jgive | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. | |||||
| CVE-2018-5980 | 1 Solidres | 1 Solidres | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. | |||||
| CVE-2018-5992 | 1 Staff Master Project | 1 Staff Master | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. | |||||
| CVE-2018-5990 | 1 Allvideos Reloaded Project | 1 Allvideos Reloaded | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. | |||||
| CVE-2018-6004 | 1 Techsolsystem | 1 File Download Tracker | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | |||||
| CVE-2018-6005 | 1 Realpin Project | 1 Realpin | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | |||||
| CVE-2018-6394 | 1 Techjoomla | 1 Invitex | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. | |||||
| CVE-2018-7177 | 1 Saxum2003 | 1 Numerology | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. | |||||
| CVE-2018-7178 | 1 Saxum2003 | 1 Saxum Picker | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. | |||||
| CVE-2018-7179 | 1 Squadmanagement Project | 1 Squadmanagement | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. | |||||
| CVE-2018-6024 | 1 Thethinkery | 1 Project Log | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. | |||||
| CVE-2018-7312 | 1 Alexandriabooklibrary | 1 Alexandria Book Library | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter. | |||||
| CVE-2018-7319 | 1 Os Property Real Estate Project | 1 Os Property Real Estate | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. | |||||
| CVE-2018-5981 | 1 Web-dorado | 1 Gallery Wd | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | |||||
| CVE-2018-7180 | 1 Saxum2003 | 1 Astro | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. | |||||
| CVE-2018-5982 | 1 Ordasoft | 1 Advertisement Board | 2018-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. | |||||
| CVE-2018-5993 | 1 Aist Project | 1 Aist | 2018-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. | |||||
| CVE-2018-6609 | 1 Jsp Tickets Project | 1 Jsp Tickets | 2018-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. | |||||
| CVE-2018-1000044 | 1 Securityonion | 1 Squert | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appears to be exploitable via a Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-6863 | 1 Select Your College Script Project | 1 Select Your College Script | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | |||||
| CVE-2018-6582 | 1 Zh Googlemap Project | 1 Zh Googlemap | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. | |||||
| CVE-2018-6605 | 1 Zh Baidumap Project | 1 Zh Baidumap | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. | |||||
