Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-25066 | 1 Nodebatis Project | 1 Nodebatis | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability. | |||||
CVE-2018-25057 | 1 Mikebharris | 1 Simple Php Link Shortener | 2024-11-21 | N/A | 5.5 MEDIUM |
A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link["id"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996. | |||||
CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | |||||
CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | |||||
CVE-2018-21004 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||
CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | |||||
CVE-2018-20887 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | |||||
CVE-2018-20779 | 1 Traq | 1 Traq | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | |||||
CVE-2018-20770 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | |||||
CVE-2018-20730 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | |||||
CVE-2018-20719 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | |||||
CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | |||||
CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | |||||
CVE-2018-20713 | 1 Shopware | 1 Shopware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | |||||
CVE-2018-20678 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | |||||
CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | |||||
CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
CVE-2018-20556 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | |||||
CVE-2018-20508 | 1 Crashfix Project | 1 Crashfix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. |