Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6604 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2018-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request. | |||||
| CVE-2016-7400 | 1 Exponentcms | 1 Exponent Cms | 2018-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. | |||||
| CVE-2017-17413 | 1 Quest | 1 Netvault Backup | 2018-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4224. | |||||
| CVE-2018-6579 | 1 Jextn | 1 Reverse Auction | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. | |||||
| CVE-2018-6575 | 1 Jextn | 1 Classified | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. | |||||
| CVE-2018-6577 | 1 Jextn | 1 Membership | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
| CVE-2018-6395 | 1 Joomlacalendars | 1 Visual Calendar | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. | |||||
| CVE-2018-6398 | 1 Joomlacalendars | 1 Event Calendar | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. | |||||
| CVE-2018-6576 | 1 Ezcode | 1 Event Manager | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. | |||||
| CVE-2018-6581 | 1 Joommasters | 1 Jms Music | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | |||||
| CVE-2018-6578 | 1 Jextn | 1 Je Paypervideo | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
| CVE-2018-6367 | 1 Vastal | 1 I-tech Buddy Zone Facebook Clone | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. | |||||
| CVE-2018-6364 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. | |||||
| CVE-2018-6365 | 1 Datacomponents | 1 Tsitebuilder | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. | |||||
| CVE-2018-6376 | 1 Joomla | 1 Joomla! | 2018-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | |||||
| CVE-2018-6308 | 1 Sugarcrm | 1 Sugarcrm | 2018-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | |||||
| CVE-2017-17999 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | |||||
| CVE-2018-5973 | 1 Eihitech | 1 Professional Local Directory Script | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | |||||
| CVE-2018-5778 | 1 Ipswitch | 1 Whatsup Gold | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-5972 | 1 Quickad Project | 1 Quickad | 2018-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | |||||
| CVE-2018-5985 | 1 Livecrm | 1 Livecrm Saas Cloud | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. | |||||
| CVE-2018-5988 | 1 Flexible Poll Project | 1 Flexible Poll | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | |||||
| CVE-2018-5984 | 1 Tumder Project | 1 Tumder | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. | |||||
| CVE-2018-5979 | 1 Wchat Project | 1 Wchat | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | |||||
| CVE-2018-5978 | 1 Zechat Project | 1 Zechat | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | |||||
| CVE-2018-5977 | 1 Getaffiligator | 1 Affiligator | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | |||||
| CVE-2017-16510 | 1 Wordpress | 1 Wordpress | 2018-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | |||||
| CVE-2017-16716 | 1 Advantech | 1 Webaccess | 2018-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. | |||||
| CVE-2017-7997 | 1 Gespage | 1 Gespage | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. | |||||
| CVE-2017-5971 | 1 Newsbee Project | 1 Newsbee | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2018-5696 | 1 Ijoomla | 1 Com Adagency | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. | |||||
| CVE-2017-17970 | 1 Muvikoscript | 1 Muviko | 2018-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php. | |||||
| CVE-2017-1670 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637. | |||||
| CVE-2018-5211 | 1 Phpsugar | 1 Php Melody | 2018-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Melody version 2.7.1 suffers from a time-based SQL Injection attack on the page ajax.php with the parameter playlist. | |||||
| CVE-2018-5315 | 1 Wp Events Calendar Project | 1 Wp Events Calendar | 2018-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. | |||||
| CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | |||||
| CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||||
| CVE-2017-17875 | 1 Jextn | 1 Jextn Faq Pro | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
| CVE-2017-17872 | 1 Jextn | 1 Jextn Video Gallery | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
| CVE-2018-3811 | 1 Oturia | 1 Smart Google Code Inserter | 2018-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query. | |||||
| CVE-2017-1000444 | 1 Openhacker Project | 1 Openhacker | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component, resulting in information disclosure and remote code execution. | |||||
| CVE-2017-17870 | 1 Jbuildozer | 1 Jbuildozer | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | |||||
| CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2018-01-11 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | |||||
| CVE-2017-17931 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2018-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | |||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | |||||
| CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | |||||
| CVE-2017-17892 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | |||||
| CVE-2017-17906 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | |||||
| CVE-2017-17895 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||||
| CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | |||||
