Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14623 | 1 Theforeman | 1 Katello | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
|
|||||
| CVE-2018-14592 | 1 Cwjoomla | 2 Cw Article Attachments Free, Cw Article Attachments Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
|
|||||
| CVE-2018-14515 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
|
|||||
| CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
|
|||||
| CVE-2018-14501 | 1 Joyplus Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
|
|||||
| CVE-2018-14472 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
|
|||||
| CVE-2018-14440 | 1 Ssh Companywebsite Project | 1 Ssh Companywebsite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter.
|
|||||
| CVE-2018-14418 | 1 Msvod | 1 Msvod Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
|
|||||
| CVE-2018-14389 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
|
|||||
| CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
|
|||||
| CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
|
|||||
| CVE-2018-14012 | 1 Wolfsight | 1 Wolfsight Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
|
|||||
| CVE-2018-13850 | 1 Icanstudioz | 1 Firebase Push Notification On Ios \/ Fcm \+ Advance Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
|
|||||
| CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
|
|||||
| CVE-2018-13792 | 1 Abbyy | 1 Flexicapture | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
|
|||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
|
|||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
|
|||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
|
|||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
|
|||||
| CVE-2018-13442 | 1 Solarwinds | 1 Network Performance Monitor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
|
|||||
| CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
|
|||||
| CVE-2018-13116 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
|
|||||
| CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
|
|||||
| CVE-2018-13049 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
|
|||||
| CVE-2018-13045 | 1 Yeswiki | 1 Cercopitheque | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
|
|||||
| CVE-2018-12977 | 1 Softexpert | 1 Excellence Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.
|
|||||
| CVE-2018-12942 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operatin ...
Show More |
|||||
| CVE-2018-12912 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
|
|||||
| CVE-2018-12636 | 1 Ithemes | 1 Security | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
|
|||||
| CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
|
|||||
| CVE-2018-12534 | 1 Quick Chat Project | 1 Quick Chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
|
|||||
| CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
|
|||||
| CVE-2018-12482 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
|
|||||
| CVE-2018-12470 | 1 Suse | 1 Subscription Management Tool | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
|
|||||
| CVE-2018-12464 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that u ...
Show More |
|||||
| CVE-2018-12295 | 1 Seagate | 1 Nas Os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
|
|||||
| CVE-2018-12254 | 1 Harmistechnology | 1 Ek Rishta | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
|
|||||
| CVE-2018-12250 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.
|
|||||
| CVE-2018-12110 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
|
|||||
| CVE-2018-12055 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
|
|||||