Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10350 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
|
|||||
| CVE-2018-10284 | 1 Adaltech | 1 G-ticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.
|
|||||
| CVE-2018-10283 | 1 Cliquemania | 1 Loja Virtual | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action.
|
|||||
| CVE-2018-10256 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
|
|||||
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.
|
|||||
| CVE-2018-10197 | 1 Elo | 1 Access Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the "userdata" table from the "eloam" database.
|
|||||
| CVE-2018-10094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
|
|||||
| CVE-2018-10050 | 1 Iscripts | 1 Eswap | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
|
|||||
| CVE-2018-1002000 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
|
|||||
| CVE-2018-1000890 | 1 Frontaccounting | 1 Frontaccounting | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
|
|||||
| CVE-2018-1000871 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter.
|
|||||
| CVE-2018-1000869 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4.
|
|||||
| CVE-2018-1000867 | 1 Webidsupport | 1 Webid | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
|
|||||
| CVE-2018-1000653 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
|
|||||
| CVE-2018-1000650 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.
|
|||||
| CVE-2018-1000631 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
|||||
| CVE-2018-1000630 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
|||||
| CVE-2018-1000558 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1.
|
|||||
| CVE-2018-1000552 | 1 Trovebox | 1 Trovebox | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.
|
|||||
| CVE-2018-1000131 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
|
|||||
| CVE-2018-1000044 | 1 Securityonion | 1 Squert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.
|
|||||
| CVE-2018-0685 | 1 Neo | 1 Debun Pop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.
|
|||||
| CVE-2018-0607 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2018-0606 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2018-0530 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2018-0404 | 1 Cisco | 2 Rv180w Wireless-n Multifunction Vpn Router, Rv220w Wireless Network Security Firewall | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could al ...
Show More |
|||||
| CVE-2018-0320 | 1 Cisco | 2 Prime Collaboration, Prime Collaboration Provisioning | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. ...
Show More |
|||||
| CVE-2018-0225 | 1 Cisco | 1 Appdynamics App Iq | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.
|
|||||
| CVE-2018-0120 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit cou ...
Show More |
|||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
|
|||||
| CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
|
|||||
| CVE-2017-7997 | 1 Gespage | 1 Gespage | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
|
|||||
| CVE-2017-7351 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
|
|||||
| CVE-2017-5971 | 1 Newsbee Project | 1 Newsbee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands.
|
|||||
| CVE-2017-5814 | 1 Hp | 1 Network Automation | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
|
|||||
| CVE-2017-5812 | 1 Hp | 1 Network Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
|
|||||
| CVE-2017-5810 | 1 Hp | 1 Network Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
|
|||||
| CVE-2017-3181 | 1 Tibco | 7 Spotfire Analyst, Spotfire Client, Spotfire Connectors and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spot ...
Show More |
|||||
| CVE-2017-20173 | 1 Contentmap Project | 1 Contentmap | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218492.
|
|||||
| CVE-2017-20172 | 1 Soundslike Project | 1 Soundslike | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability.
|
|||||