Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Angry Yack Logo
Total 18012 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19271 1 Centreon 1 Centreon 2024-11-21 6.5 MEDIUM 8.8 HIGH
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
CVE-2018-19221 1 Laobancms 1 Laobancms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVE-2018-19061 1 Dedecms 1 Dedecms 2024-11-21 7.5 HIGH 9.8 CRITICAL
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
CVE-2018-18982 1 Nuuo 1 Nuuo Cms 2024-11-21 6.5 MEDIUM 8.8 HIGH
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
CVE-2018-18963 1 Degraupublicidade 1 Degraupublicidade 2024-11-21 7.5 HIGH 9.8 CRITICAL
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.
CVE-2018-18949 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
CVE-2018-18923 1 Abisoftgt 1 Ticketly 2024-11-21 7.5 HIGH 9.8 CRITICAL
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
CVE-2018-18887 1 S-cms 1 S-cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
CVE-2018-18832 1 Dkcms 1 Dkcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
CVE-2018-18822 1 Grapixel 1 New Media 2024-11-21 7.5 HIGH 9.8 CRITICAL
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVE-2018-18806 1 School Equipment Monitoring System Project 1 School Equipment Monitoring System 2024-11-21 7.5 HIGH 9.8 CRITICAL
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.
CVE-2018-18805 1 Pointofsales Project 1 Pointofsales 2024-11-21 7.5 HIGH 9.8 CRITICAL
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
CVE-2018-18804 1 Bakeshop Inventory System Project 1 Bakeshop Inventory System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
CVE-2018-18803 1 Curriculum Evaluation System Project 1 Curriculum Evaluation System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
CVE-2018-18801 1 Bsen Ordering Software Project 1 Bsen Ordering Software 2024-11-21 7.5 HIGH 9.8 CRITICAL
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
CVE-2018-18800 1 Tubigan 1 Welcome To Our Resort 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
CVE-2018-18798 1 School Attendance Monitoring System Project 1 School Attendance Monitoring System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
CVE-2018-18796 1 Library Management System Project 1 Library Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
CVE-2018-18795 1 School Event Management System Project 1 School Event Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
CVE-2018-18792 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
CVE-2018-18791 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
CVE-2018-18790 1 Zzcms 1 Zzcms 2024-11-21 6.5 MEDIUM 7.2 HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
CVE-2018-18789 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
CVE-2018-18788 1 Zzcms 1 Zzcms 2024-11-21 6.5 MEDIUM 7.2 HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
CVE-2018-18787 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
CVE-2018-18786 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
CVE-2018-18785 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
CVE-2018-18784 1 Zzcms 1 Zzcms 2024-11-21 6.5 MEDIUM 7.2 HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
CVE-2018-18763 1 Saltos 1 Saltos 2024-11-21 7.5 HIGH 9.8 CRITICAL
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
CVE-2018-18761 1 Saltos 1 Saltos 2024-11-21 7.5 HIGH 9.8 CRITICAL
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
CVE-2018-18758 1 Open Faculty Evaluation System Project 1 Open Faculty Evaluation System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
CVE-2018-18757 1 Open Faculty Evaluation System Project 1 Open Faculty Evaluation System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
CVE-2018-18755 1 K-iwi 1 K-iwi 2024-11-21 7.5 HIGH 9.8 CRITICAL
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
CVE-2018-18705 1 Phptpoint 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.
CVE-2018-18704 1 Phptpoint 1 Pharmacy Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
CVE-2018-18702 1 Icmsdev 1 Icms 2024-11-21 7.5 HIGH 9.8 CRITICAL
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
CVE-2018-18619 1 Advanced Comment System Project 1 Advanced Comment System 2024-11-21 7.5 HIGH 9.8 CRITICAL
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
CVE-2018-18550 1 Serverscheck 1 Serverscheck 2024-11-21 6.5 MEDIUM 8.8 HIGH
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.
CVE-2018-18546 1 Thinkphp 1 Thinkphp 2024-11-21 7.5 HIGH 9.8 CRITICAL
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
CVE-2018-18530 1 Thinkphp 1 Thinkphp 2024-11-21 7.5 HIGH 9.8 CRITICAL
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.