Total: 8599 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-19061 | 1 Dedecms | 1 Dedecms | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | |||||
| CVE-2018-18887 | 1 S-cms | 1 S-cms | 2018-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | |||||
| CVE-2018-18832 | 1 Dkcms | 1 Dkcms | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. | |||||
| CVE-2015-4633 | 1 Koha | 1 Koha | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. | |||||
| CVE-2018-18546 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | |||||
| CVE-2018-18705 | 1 Phptpoint | 1 Hospital Management System | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. | |||||
| CVE-2018-18704 | 1 Phptpoint | 1 Pharmacy Management System | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. | |||||
| CVE-2018-18702 | 1 Icmsdev | 1 Icms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | |||||
| CVE-2018-18550 | 1 Serverscheck | 1 Serverscheck | 2018-12-04 | 6.5 MEDIUM | 8.8 HIGH |
| ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | |||||
| CVE-2018-18527 | 1 Owndms | 1 Ownticket | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | |||||
| CVE-2018-17446 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
| CVE-2018-18785 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | |||||
| CVE-2018-18786 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. | |||||
| CVE-2018-18784 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | |||||
| CVE-2018-18787 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | |||||
| CVE-2018-18788 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) | |||||
| CVE-2018-18790 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) | |||||
| CVE-2018-18789 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. | |||||
| CVE-2018-18791 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. | |||||
| CVE-2018-18792 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. | |||||
| CVE-2018-18530 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | |||||
| CVE-2018-18529 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | |||||
| CVE-2018-18427 | 1 S-cms | 1 S-cms | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. | |||||
| CVE-2018-18486 | 1 Phpshe | 1 Phpshe | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. | |||||
| CVE-2018-18488 | 1 Gxlcms | 1 Gxlcms | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. | |||||
| CVE-2018-18211 | 1 Pbootcms | 1 Pbootcms | 2018-11-26 | 6.8 MEDIUM | 8.1 HIGH |
| PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | |||||
| CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | |||||
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | |||||
| CVE-2018-17562 | 1 Multitech | 1 Faxfinder | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | |||||
| CVE-2018-9493 | 1 Google | 1 Android | 2018-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900 | |||||
| CVE-2018-17852 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | |||||
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | |||||
| CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | |||||
| CVE-2018-17575 | 1 Swa | 1 Swa.jacad | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | |||||
| CVE-2018-14956 | 1 Isweb | 1 Isweb | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | |||||
| CVE-2018-7107 | 1 Hpe | 1 Device Entitlement Gateway | 2018-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege. | |||||
| CVE-2018-18200 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | |||||
| CVE-2018-18242 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. | |||||
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2018-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | |||||
| CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | |||||
| CVE-2018-17379 | 1 Thephpfactory | 1 Raffle Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-17380 | 1 Thephpfactory | 1 Article Factory Manager | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. | |||||
| CVE-2018-17382 | 1 Thephpfactory | 1 Jobs Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter. | |||||
| CVE-2018-17383 | 1 Thephpfactory | 1 Collection Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter. | |||||
| CVE-2018-17394 | 1 Osthemeclub | 1 Timetable Schedule | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. | |||||
| CVE-2018-17391 | 1 Super Cms Blog Pro Project | 1 Super Cms Blog Pro | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. | |||||
| CVE-2018-17385 | 1 Thephpfactory | 1 Social Factory | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter. | |||||
| CVE-2018-17397 | 1 Multiplanet | 1 Alphaindex Dictionaries | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. | |||||
| CVE-2018-17377 | 1 Extensiondeveloper | 1 Questions | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. | |||||
