Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11722 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | |||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | |||||
| CVE-2018-11589 | 1 Centreon | 2 Centreon, Centreon Web | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | |||||
| CVE-2018-11535 | 1 Sitemakin | 1 Slac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | |||||
| CVE-2018-11528 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | |||||
| CVE-2018-11515 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | |||||
| CVE-2018-11511 | 1 Asustor | 1 Asustor Data Master | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. | |||||
| CVE-2018-11470 | 1 Iscripts | 1 Eswap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. | |||||
| CVE-2018-11444 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. | |||||
| CVE-2018-11414 | 1 Bearadmin Project | 1 Bearadmin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. | |||||
| CVE-2018-11373 | 1 Iscripts | 1 Eswap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. | |||||
| CVE-2018-11372 | 1 Iscripts | 1 Eswap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. | |||||
| CVE-2018-11369 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. | |||||
| CVE-2018-11309 | 1 Membermouse | 1 Membermouse | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. | |||||
| CVE-2018-11231 | 1 Divido | 1 Divido | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. | |||||
| CVE-2018-11140 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | |||||
| CVE-2018-11136 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | |||||
| CVE-2018-11065 | 1 Rsa | 1 Archer | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability. | |||||
| CVE-2018-11032 | 1 Gouguoyin | 1 Phprap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. | |||||
| CVE-2018-10997 | 1 Etere | 1 Etereweb | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | |||||