Total: 8599 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-7732 | 1 Yxtcmf | 1 Yxtcmf | 2018-03-26 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html. |
| CVE-2017-1000474 | 1 Vehicle Sales Management System Project | 1 Vehicle Sales Management System | 2018-03-23 | 7.5 HIGH | 9.8 CRITICAL | Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing. |
| CVE-2018-7579 | 1 Yzmcms | 1 Yzmcms | 2018-03-22 | 6.5 MEDIUM | 7.2 HIGH | \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. |
| CVE-2014-2839 | 1 Dev4press | 1 Gd Star Rating | 2018-03-20 | 7.5 HIGH | N/A | SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. |
| CVE-2018-7477 | 1 School Management Script Project | 1 School Management Script | 2018-03-18 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. |
| CVE-2018-6883 | 1 Piwigo | 1 Piwigo | 2018-03-17 | 4.0 MEDIUM | 4.9 MEDIUM | Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. |
| CVE-2018-7463 | 1 Asanhamayesh | 1 Asanhamayesh Cms | 2018-03-17 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. |
| CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL | ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. |
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2018-03-14 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. |
| CVE-2018-6859 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. |
| CVE-2014-4977 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. |
| CVE-2012-2962 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 6.5 MEDIUM | N/A | SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. |
| CVE-2012-3951 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 7.5 HIGH | N/A | The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. |
| CVE-2018-5983 | 1 Jquickcontact Project | 1 Jquickcontact | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. |
| CVE-2018-5987 | 1 Social Pinboard Project | 1 Social Pinboard | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. |
| CVE-2018-1414 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-03-09 | 6.5 MEDIUM | 8.8 HIGH | IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820. |
| CVE-2017-18194 | 1 Hamayeshnegar | 1 Hamayeshnegar Cms | 2018-03-09 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. |
| CVE-2017-5814 | 1 Hp | 1 Network Automation | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL | A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. |
| CVE-2017-5812 | 1 Hp | 1 Network Automation | 2018-03-07 | 5.0 MEDIUM | 7.5 HIGH | A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. |
| CVE-2017-5810 | 1 Hp | 1 Network Automation | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL | A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. |
| CVE-2018-6928 | 1 News Website Script Project | 1 News Website Script | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL | PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. |
| CVE-2018-6893 | 1 Finecms | 1 Finecms | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL | controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. |
| CVE-2018-7314 | 1 Mlwebtechnologies | 1 Prayercenter | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. |
| CVE-2018-5991 | 1 Web-dorado | 1 Form Maker | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. |
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. |
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. |
| CVE-2018-6368 | 1 Comdev | 1 Jomestate Pro | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. |
| CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2018-03-05 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. |
| CVE-2018-6370 | 1 Neojoomla | 1 Neorecruit | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. |
| CVE-2018-6583 | 1 Quanticalabs | 1 Timetable Responsive Schedule | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. |
| CVE-2018-6396 | 1 Google Map Landkarten Project | 1 Google Map Landkarten | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. |
| CVE-2018-6372 | 1 Joombooking | 1 Jb Bus | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. |
| CVE-2018-6585 | 1 Techjoomla | 1 Jticketing | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. |
| CVE-2018-7313 | 1 Cwjoomla | 1 Cw Tags | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. |
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. |
| CVE-2016-10008 | 1 Dotcms | 1 Dotcms | 2018-03-05 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. |
| CVE-2018-5975 | 1 Thekrotek | 1 Smart Shoutbox | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. |
| CVE-2018-5974 | 1 Albonico | 1 Simplecalendar | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. |
| CVE-2018-5971 | 1 Ordasoft | 1 Medialibrary | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. |
| CVE-2018-5970 | 1 Techjoomla | 1 Jgive | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. |
| CVE-2018-5980 | 1 Solidres | 1 Solidres | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. |
| CVE-2018-5990 | 1 Allvideos Reloaded Project | 1 Allvideos Reloaded | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. |
| CVE-2018-5992 | 1 Staff Master Project | 1 Staff Master | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. |
| CVE-2018-6004 | 1 Techsolsystem | 1 File Download Tracker | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. |
| CVE-2018-6005 | 1 Realpin Project | 1 Realpin | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. |
| CVE-2018-6394 | 1 Techjoomla | 1 Invitex | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. |
| CVE-2018-7177 | 1 Saxum2003 | 1 Numerology | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. |
| CVE-2018-7178 | 1 Saxum2003 | 1 Saxum Picker | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. |
| CVE-2018-7179 | 1 Squadmanagement Project | 1 Squadmanagement | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. |
| CVE-2018-6024 | 1 Thethinkery | 1 Project Log | 2018-03-02 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. |
