Total: 15388 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15146 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | |||||
CVE-2018-15145 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. | |||||
CVE-2018-15144 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. | |||||
CVE-2018-15143 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. | |||||
CVE-2018-14968 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. | |||||
CVE-2018-14967 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. | |||||
CVE-2018-14961 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | |||||
CVE-2018-14956 | 1 Isweb | 1 Isweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | |||||
CVE-2018-14874 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages (collaterals/colexe3t.jsp, /references/refsuppu.jsp, and /references/refbranu.jsp) is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. | |||||
CVE-2018-14623 | 1 Theforeman | 1 Katello | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Versions 3.10 and older are vulnerable. | |||||
CVE-2018-14592 | 1 Cwjoomla | 2 Cw Article Attachments Free, Cw Article Attachments Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. | |||||
CVE-2018-14515 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | |||||
CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | |||||
CVE-2018-14501 | 1 Joyplus Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | |||||
CVE-2018-14472 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | |||||
CVE-2018-14440 | 1 Ssh Companywebsite Project | 1 Ssh Companywebsite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. | |||||
CVE-2018-14418 | 1 Msvod | 1 Msvod Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. | |||||
CVE-2018-14389 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. | |||||
CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | |||||
CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Pimcore before 5.3.0 allows SQL Injection via the REST web service API. |