Total: 15388 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-16822 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. |
CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. |
CVE-2018-16803 | 1 Cimtechniques | 1 Cimscan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. |
CVE-2018-16762 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. |
CVE-2018-16724 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
CVE-2018-16659 | 1 Rausoft | 1 Id.prove | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation. |
CVE-2018-16445 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. |
CVE-2018-16436 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. |
CVE-2018-16432 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. |
CVE-2018-16410 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. |
CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. |
CVE-2018-16385 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. |
CVE-2018-16384 | 1 Owasp | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. |
CVE-2018-16357 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. |
CVE-2018-16356 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. |
CVE-2018-16354 | 1 Fhcrm Project | 1 Fhcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. |
CVE-2018-16353 | 1 Fhcrm Project | 1 Fhcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. |
CVE-2018-16278 | 1 Phpkaiyuancms | 1 Phpopensourcecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. |
CVE-2018-16251 | 1 Creatiwity | 1 Witycms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters. |
CVE-2018-16188 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |