Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Angry Yack Logo
Total 18012 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6410 1 Machform 1 Machform 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6398 1 Joomlacalendars 1 Event Calendar 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
CVE-2018-6396 1 Google Map Landkarten Project 1 Google Map Landkarten 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
CVE-2018-6395 1 Joomlacalendars 1 Visual Calendar 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
CVE-2018-6394 1 Techjoomla 1 Invitex 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
CVE-2018-6393 1 Sangoma 1 Freepbx 2024-11-21 6.5 MEDIUM 7.2 HIGH
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.
CVE-2018-6382 1 Mantisbt 1 Mantisbt 2024-11-21 2.1 LOW 3.3 LOW
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass
CVE-2018-6376 1 Joomla 1 Joomla\! 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVE-2018-6373 1 Fastballproductions 1 Fastball 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
CVE-2018-6372 1 Joombooking 1 Jb Bus 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
CVE-2018-6370 1 Neojoomla 1 Neorecruit 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
CVE-2018-6368 1 Comdev 1 Jomestate Pro 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
CVE-2018-6367 1 Vastal 1 I-tech Buddy Zone Facebook Clone 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
CVE-2018-6365 1 Datacomponents 1 Tsitebuilder 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
CVE-2018-6364 1 Multilanguage Real Estate Mlm Script Project 1 Multilanguage Real Estate Mlm Script 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
CVE-2018-6363 1 Taskrabbit Clone Project 1 Taskrabbit Clone 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
CVE-2018-6330 1 Laravel 1 Framework 2024-11-21 6.5 MEDIUM 8.8 HIGH
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
CVE-2018-6329 1 Unitrends 1 Backup 2024-11-21 10.0 HIGH 9.8 CRITICAL
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
CVE-2018-6308 1 Sugarcrm 1 Sugarcrm 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Docum ...

Show More
CVE-2018-6230 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 8.3 HIGH 6.8 MEDIUM
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVE-2018-6229 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 10.0 HIGH 9.8 CRITICAL
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVE-2018-6228 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 10.0 HIGH 9.8 CRITICAL
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVE-2018-6024 1 Thethinkery 1 Project Log 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
CVE-2018-6006 1 Joomsky 1 Js Autoz 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
CVE-2018-6005 1 Realpin Project 1 Realpin 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
CVE-2018-6004 1 Techsolsystem 1 File Download Tracker 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
CVE-2018-5994 1 Joomsky 1 Js Jobs 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
CVE-2018-5993 1 Aist Project 1 Aist 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
CVE-2018-5992 1 Staff Master Project 1 Staff Master 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
CVE-2018-5991 1 Web-dorado 1 Form Maker 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
CVE-2018-5990 1 Allvideos Reloaded Project 1 Allvideos Reloaded 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
CVE-2018-5989 1 Chillcreations 1 Ccnewsletter 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
CVE-2018-5988 1 Flexible Poll Project 1 Flexible Poll 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
CVE-2018-5987 1 Social Pinboard Project 1 Social Pinboard 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
CVE-2018-5986 1 Easycarscript 1 Easycarscript 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
CVE-2018-5985 1 Livecrm 1 Livecrm Saas Cloud 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
CVE-2018-5984 1 Tumder Project 1 Tumder 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
CVE-2018-5983 1 Jquickcontact Project 1 Jquickcontact 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
CVE-2018-5982 1 Ordasoft 1 Advertisement Board 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
CVE-2018-5981 1 Web-dorado 1 Gallery Wd 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.