Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-17397 | 1 Multiplanet | 1 Alphaindex Dictionaries | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. |
| CVE-2018-17394 | 1 Osthemeclub | 1 Timetable Schedule | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. |
| CVE-2018-17393 | 1 Healthnode Hospital Management System Project | 1 Healthnode Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. |
| CVE-2018-17391 | 1 Super Cms Blog Pro Project | 1 Super Cms Blog Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. |
| CVE-2018-17388 | 1 Ranksol | 1 Twilio Web To Fax Machine System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php. |
| CVE-2018-17386 | 1 Thephpfactory | 1 Micro Deal Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/. |
| CVE-2018-17385 | 1 Thephpfactory | 1 Social Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter. |
| CVE-2018-17384 | 1 Thephpfactory | 1 Swap Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17383 | 1 Thephpfactory | 1 Collection Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter. |
| CVE-2018-17382 | 1 Thephpfactory | 1 Jobs Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter. |
| CVE-2018-17381 | 1 Thephpfactory | 1 Dutch Auction Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17380 | 1 Thephpfactory | 1 Article Factory Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. |
| CVE-2018-17379 | 1 Thephpfactory | 1 Raffle Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17378 | 1 Thephpfactory | 1 Penny Auction Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17377 | 1 Extensiondeveloper | 1 Questions | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. |
| CVE-2018-17376 | 1 Thephpfactory | 1 Reverse Auction Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter. |
| CVE-2018-17375 | 1 Joomlathat | 1 Music Collection | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter. |
| CVE-2018-17374 | 1 Thephpfactory | 1 Auction Factory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. |
| CVE-2018-17254 | 1 Arkextensions | 1 Jck Editor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. |
| CVE-2018-17243 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. |
| CVE-2018-17232 | 1 Slack Archivebot Project | 1 Slack Archivebot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). |
| CVE-2018-17181 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. |
| CVE-2018-17179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. |
| CVE-2018-17136 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. |
| CVE-2018-17129 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. |
| CVE-2018-17110 | 1 Tecdiary | 1 Simple Pos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. |
| CVE-2018-17092 | 1 I4a | 1 Donlinkage | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. |
| CVE-2018-17048 | 1 Fangfa | 1 Fdcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection. |
| CVE-2018-17035 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. |
| CVE-2018-16850 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges. |
| CVE-2018-16822 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. |
| CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. |
| CVE-2018-16803 | 1 Cimtechniques | 1 Cimscan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. |
| CVE-2018-16762 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. |
| CVE-2018-16724 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
| CVE-2018-16659 | 1 Rausoft | 1 Id.prove | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation. |
| CVE-2018-16445 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. |
| CVE-2018-16436 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. |
| CVE-2018-16432 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. |