Total
15193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11309 | 1 Membermouse | 1 Membermouse | 2024-11-21 | N/A |
| Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. | ||||
| CVE-2018-11231 | 1 Divido | 1 Divido | 2024-11-21 | N/A |
| In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. | ||||
| CVE-2018-11140 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | ||||
| CVE-2018-11136 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | ||||
| CVE-2018-11065 | 1 Rsa | 1 Archer | 2024-11-21 | N/A |
| The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability. | ||||
| CVE-2018-11032 | 1 Gouguoyin | 1 Phprap | 2024-11-21 | N/A |
| PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. | ||||
| CVE-2018-10997 | 1 Etere | 1 Etereweb | 2024-11-21 | N/A |
| Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | ||||
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | N/A |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | ||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 12 Ubuntu Linux, Debian Linux, Postgresql and 9 more | 2024-11-21 | N/A |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | ||||
| CVE-2018-10759 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 9.8 Critical |
| PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | ||||
| CVE-2018-10757 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2024-11-21 | N/A |
| CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | ||||
| CVE-2018-10738 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | ||||
| CVE-2018-10737 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | ||||
| CVE-2018-10736 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | ||||
| CVE-2018-10735 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | ||||
| CVE-2018-10595 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-11-21 | N/A |
| A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. | ||||
| CVE-2018-10593 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-11-21 | N/A |
| A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. | ||||
| CVE-2018-10466 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | ||||
| CVE-2018-10356 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. | ||||
| CVE-2018-10353 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. | ||||