Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7501 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
|
|||||
| CVE-2018-7477 | 1 School Management Script Project | 1 School Management Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
|
|||||
| CVE-2018-7474 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
|
|||||
| CVE-2018-7463 | 1 Asanhamayesh | 1 Asanhamayesh Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
|
|||||
| CVE-2018-7319 | 1 Os Property Real Estate Project | 1 Os Property Real Estate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
|
|||||
| CVE-2018-7318 | 2 Belitsoft, Oracle | 2 Checklist, Data Integrator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
|
|||||
| CVE-2018-7315 | 1 Harmistechnology | 1 Ek Rishta | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
|
|||||
| CVE-2018-7314 | 1 Mlwebtechnologies | 1 Prayercenter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
|
|||||
| CVE-2018-7313 | 1 Cwjoomla | 1 Cw Tags | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
|
|||||
| CVE-2018-7312 | 1 Alexandriabooklibrary | 1 Alexandria Book Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
|
|||||
| CVE-2018-7282 | 1 Titool | 1 Printmonitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.
|
|||||
| CVE-2018-7269 | 1 Yiiframework | 1 Yii | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
|
|||||
| CVE-2018-7180 | 1 Saxum2003 | 1 Astro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
|
|||||
| CVE-2018-7179 | 1 Squadmanagement Project | 1 Squadmanagement | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
|
|||||
| CVE-2018-7178 | 1 Saxum2003 | 1 Saxum Picker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
|
|||||
| CVE-2018-7177 | 1 Saxum2003 | 1 Numerology | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
|
|||||
| CVE-2018-7107 | 1 Hpe | 1 Device Entitlement Gateway | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
|
|||||
| CVE-2018-7065 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
|
|||||
| CVE-2018-7033 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
|
|||||
| CVE-2018-6928 | 1 News Website Script Project | 1 News Website Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
|
|||||
| CVE-2018-6893 | 1 Finecms | 1 Finecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
|
|||||
| CVE-2018-6883 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
|
|||||
| CVE-2018-6863 | 1 Select Your College Script Project | 1 Select Your College Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.
|
|||||
| CVE-2018-6859 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.
|
|||||
| CVE-2018-6792 | 1 Saifor | 1 Cvms Hub | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. The GET parameter is nombreAgente.
|
|||||
| CVE-2018-6609 | 1 Jsp Tickets Project | 1 Jsp Tickets | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
|
|||||
| CVE-2018-6605 | 1 Zh Baidumap Project | 1 Zh Baidumap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
|
|||||
| CVE-2018-6604 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
|
|||||
| CVE-2018-6585 | 1 Techjoomla | 1 Jticketing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
|
|||||
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
|
|||||
| CVE-2018-6583 | 1 Quanticalabs | 1 Timetable Responsive Schedule | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
|
|||||
| CVE-2018-6582 | 1 Zh Googlemap Project | 1 Zh Googlemap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
|
|||||
| CVE-2018-6581 | 1 Joommasters | 1 Jms Music | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
|
|||||
| CVE-2018-6579 | 1 Jextn | 1 Reverse Auction | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
|
|||||
| CVE-2018-6578 | 1 Jextn | 1 Je Paypervideo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
|
|||||
| CVE-2018-6577 | 1 Jextn | 1 Membership | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
|
|||||
| CVE-2018-6576 | 1 Ezcode | 1 Event Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
|
|||||
| CVE-2018-6575 | 1 Jextn | 1 Classified | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
|
|||||
| CVE-2018-6494 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
|
|||||
| CVE-2018-6493 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.
|
|||||