Total: 14648 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5979 | 1 Wchat Project | 1 Wchat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | |||||
CVE-2018-5978 | 1 Zechat Project | 1 Zechat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | |||||
CVE-2018-5977 | 1 Getaffiligator | 1 Affiligator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | |||||
CVE-2018-5975 | 1 Thekrotek | 1 Smart Shoutbox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. | |||||
CVE-2018-5974 | 1 Albonico | 1 Simplecalendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. | |||||
CVE-2018-5973 | 1 Eihitech | 1 Professional Local Directory Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | |||||
CVE-2018-5972 | 1 Quickad Project | 1 Quickad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | |||||
CVE-2018-5971 | 1 Ordasoft | 1 Medialibrary | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. | |||||
CVE-2018-5970 | 1 Techjoomla | 1 Jgive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. | |||||
CVE-2018-5960 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | |||||
CVE-2018-5778 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2018-5697 | 1 Icyphoenix | 1 Icyphoenix | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. | |||||
CVE-2018-5696 | 1 Ijoomla | 1 Ad Agency | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. | |||||
CVE-2018-5695 | 1 Wpjobboard | 1 Wpjobboard | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. | |||||
CVE-2018-5443 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | |||||
CVE-2018-5404 | 1 Quest | 2 Kace Systems Management Appliance, Kace Systems Management Appliance Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data. | |||||
CVE-2018-5384 | 1 Navarino | 1 Infinity | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited, the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available with no authentication. | |||||
CVE-2018-5374 | 1 Slidervilla | 1 Dbox Slider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | |||||
CVE-2018-5373 | 1 Slidervilla | 1 Smooth Slider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). | |||||
CVE-2018-5372 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). |