Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16410 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
|
|||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
|
|||||
| CVE-2018-16385 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
|
|||||
| CVE-2018-16384 | 1 Owasp | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
|
|||||
| CVE-2018-16357 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
|
|||||
| CVE-2018-16356 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
|
|||||
| CVE-2018-16354 | 1 Fhcrm Project | 1 Fhcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter.
|
|||||
| CVE-2018-16353 | 1 Fhcrm Project | 1 Fhcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter.
|
|||||
| CVE-2018-16278 | 1 Phpkaiyuancms | 1 Phpopensourcecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.
|
|||||
| CVE-2018-16251 | 1 Creatiwity | 1 Witycms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters.
|
|||||
| CVE-2018-16188 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2018-16175 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection vulnerability in LearnPress prior to version 3.1.0 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2018-16159 | 1 Codemenschen | 1 Gift Vouchers | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
|
|||||
| CVE-2018-16137 | 1 Ipbrick | 1 Ipbrick Os | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections.
|
|||||
| CVE-2018-16116 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
|
|||||
| CVE-2018-15918 | 1 Jorani Project | 1 Jorani | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
|
|||||
| CVE-2018-15904 | 1 A10networks | 1 Acos Web Application Firewall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.
|
|||||
| CVE-2018-15894 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
|
|||||
| CVE-2018-15893 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
|
|||||
| CVE-2018-15892 | 1 Freepbx | 1 Disa | 2024-11-21 | 6.0 MEDIUM | 4.3 MEDIUM |
|
FreePBX 13 and 14 have SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
|
|||||
| CVE-2018-15873 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.
|
|||||
| CVE-2018-15868 | 1 Chronoscan | 1 Chronoscan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.
|
|||||
| CVE-2018-15755 | 1 Cloud Foundry | 1 Cf-networking | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
|
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contains an internal API endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
|
|||||
| CVE-2018-15447 | 1 Cisco | 1 Integrated Management Controller | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
|
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application.
|
|||||
| CVE-2018-15441 | 1 Cisco | 1 Prime License Manager | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
|
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM da ...
|
|||||
| CVE-2018-15168 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
|
|||||
| CVE-2018-15151 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
|
|||||
| CVE-2018-15150 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.
|
|||||
| CVE-2018-15149 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.
|
|||||
| CVE-2018-15148 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.
|
|||||
| CVE-2018-15147 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.
|
|||||
| CVE-2018-15146 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
|
|||||
| CVE-2018-15145 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
|
|||||
| CVE-2018-15144 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.
|
|||||
| CVE-2018-15143 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
|
|||||
| CVE-2018-14968 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter.
|
|||||
| CVE-2018-14967 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter.
|
|||||
| CVE-2018-14961 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
|
|||||
| CVE-2018-14956 | 1 Isweb | 1 Isweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.
|
|||||
| CVE-2018-14874 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages (collaterals/colexe3t.jsp, /references/refsuppu.jsp, and /references/refbranu.jsp) is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.
|
|||||