Total
14648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6398 | 1 Joomlacalendars | 1 Event Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. | |||||
| CVE-2018-6396 | 1 Google Map Landkarten Project | 1 Google Map Landkarten | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | |||||
| CVE-2018-6395 | 1 Joomlacalendars | 1 Visual Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. | |||||
| CVE-2018-6394 | 1 Techjoomla | 1 Invitex | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. | |||||
| CVE-2018-6393 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors. | |||||
| CVE-2018-6382 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass | |||||
| CVE-2018-6376 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | |||||
| CVE-2018-6373 | 1 Fastballproductions | 1 Fastball | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. | |||||
| CVE-2018-6372 | 1 Joombooking | 1 Jb Bus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. | |||||
| CVE-2018-6370 | 1 Neojoomla | 1 Neorecruit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. | |||||
| CVE-2018-6368 | 1 Comdev | 1 Jomestate Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | |||||
| CVE-2018-6367 | 1 Vastal | 1 I-tech Buddy Zone Facebook Clone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. | |||||
| CVE-2018-6365 | 1 Datacomponents | 1 Tsitebuilder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. | |||||
| CVE-2018-6364 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. | |||||
| CVE-2018-6363 | 1 Taskrabbit Clone Project | 1 Taskrabbit Clone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | |||||
| CVE-2018-6330 | 1 Laravel | 1 Framework | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | |||||
| CVE-2018-6329 | 1 Unitrends | 1 Backup | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. | |||||
| CVE-2018-6308 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | |||||
| CVE-2018-6230 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 8.3 HIGH | 6.8 MEDIUM |
| A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||
| CVE-2018-6229 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||