Total
15080 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19549 | 1 Interspire | 1 Email Marketer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | |||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | |||||
| CVE-2018-19468 | 1 Hucart | 1 Hucart | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | |||||
| CVE-2018-19462 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. | |||||
| CVE-2018-19436 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | |||||
| CVE-2018-19435 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | |||||
| CVE-2018-19434 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | |||||
| CVE-2018-19415 | 1 Plikli | 1 Plikli Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php. | |||||
| CVE-2018-19349 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | |||||
| CVE-2018-19331 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-19312 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | |||||
| CVE-2018-19281 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | |||||
| CVE-2018-19271 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | |||||
| CVE-2018-19221 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. | |||||
| CVE-2018-19061 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | |||||
| CVE-2018-18982 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution. | |||||
| CVE-2018-18963 | 1 Degraupublicidade | 1 Degraupublicidade | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. | |||||
| CVE-2018-18949 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | |||||
| CVE-2018-18923 | 1 Abisoftgt | 1 Ticketly | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php. | |||||
| CVE-2018-18887 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | |||||