Total
15098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | |||||
| CVE-2018-8967 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. | |||||
| CVE-2018-8953 | 1 Ca | 1 Workload Automation Ae | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | |||||
| CVE-2018-8943 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a SQL injection in the PHPSHE 1.6 userbank parameter. | |||||
| CVE-2018-8914 | 1 Synology | 1 Media Server | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. | |||||
| CVE-2018-8824 | 2 Prestashop, Responsive Mega Menu Pro Project | 2 Prestashop, Responsive Mega Menu Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter. | |||||
| CVE-2018-8820 | 1 Square-9 | 1 Globalforms | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. | |||||
| CVE-2018-8802 | 1 Unisys | 2 Clearpath Eportal Manager, Eportal-2200 | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2018-8734 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | |||||
| CVE-2018-8733 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | |||||
| CVE-2018-8057 | 1 Westernbridgegroup | 1 Razor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | |||||
| CVE-2018-8045 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | |||||
| CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
| CVE-2018-7774 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. | |||||
| CVE-2018-7773 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. | |||||
| CVE-2018-7772 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request. | |||||
| CVE-2018-7769 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | |||||
| CVE-2018-7768 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. | |||||
| CVE-2018-7767 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. | |||||
| CVE-2018-7766 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | |||||