Total
14640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | |||||
| CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | |||||
| CVE-2018-14012 | 1 Wolfsight | 1 Wolfsight Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. | |||||
| CVE-2018-13850 | 1 Icanstudioz | 1 Firebase Push Notification On Ios \/ Fcm \+ Advance Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter. | |||||
| CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | |||||
| CVE-2018-13792 | 1 Abbyy | 1 Flexicapture | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | |||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | |||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
| CVE-2018-13442 | 1 Solarwinds | 1 Network Performance Monitor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. | |||||
| CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | |||||
| CVE-2018-13116 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | |||||
| CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||
| CVE-2018-13049 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | |||||
| CVE-2018-13045 | 1 Yeswiki | 1 Cercopitheque | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter. | |||||
| CVE-2018-12977 | 1 Softexpert | 1 Excellence Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section. | |||||
| CVE-2018-12942 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system. | |||||
| CVE-2018-12912 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. | |||||
| CVE-2018-12636 | 1 Ithemes | 1 Security | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | |||||