Total: 14642 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18784 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | |||||
CVE-2018-18763 | 1 Saltos | 1 Saltos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | |||||
CVE-2018-18761 | 1 Saltos | 1 Saltos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. | |||||
CVE-2018-18758 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757. | |||||
CVE-2018-18757 | 1 Open Faculty Evaluation System Project | 1 Open Faculty Evaluation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. | |||||
CVE-2018-18755 | 1 K-iwi | 1 K-iwi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. | |||||
CVE-2018-18705 | 1 Phptpoint | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. | |||||
CVE-2018-18704 | 1 Phptpoint | 1 Pharmacy Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. | |||||
CVE-2018-18702 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | |||||
CVE-2018-18619 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued. | |||||
CVE-2018-18550 | 1 Serverscheck | 1 Serverscheck | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | |||||
CVE-2018-18546 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | |||||
CVE-2018-18530 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | |||||
CVE-2018-18529 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | |||||
CVE-2018-18527 | 1 Owndms | 1 Ownticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | |||||
CVE-2018-18488 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. | |||||
CVE-2018-18486 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. | |||||
CVE-2018-18476 | 1 Nedap | 1 Mysql-binuuid-rails | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | |||||
CVE-2018-18450 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | |||||
CVE-2018-18427 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. |