Total
14640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | |||||
| CVE-2018-12534 | 1 Quick Chat Project | 1 Quick Chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. | |||||
| CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | |||||
| CVE-2018-12482 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. | |||||
| CVE-2018-12470 | 1 Suse | 1 Subscription Management Tool | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | |||||
| CVE-2018-12464 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | |||||
| CVE-2018-12295 | 1 Seagate | 1 Nas Os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | |||||
| CVE-2018-12254 | 1 Harmistechnology | 1 Ek Rishta | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | |||||
| CVE-2018-12250 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection. | |||||
| CVE-2018-12110 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. | |||||
| CVE-2018-12055 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | |||||
| CVE-2018-12052 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | |||||
| CVE-2018-12039 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. | |||||
| CVE-2018-11801 | 1 Apache | 1 Fineract | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | |||||
| CVE-2018-11800 | 1 Apache | 1 Fineract | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | |||||
| CVE-2018-11774 | 1 Apache | 1 Virtual Computing Lab | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2018-11772 | 1 Apache | 1 Virtual Computing Lab | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2018-11722 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | |||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | |||||
| CVE-2018-11589 | 1 Centreon | 2 Centreon, Centreon Web | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | |||||