Total
16216 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20887 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | ||||
| CVE-2018-20779 | 1 Traq | 1 Traq | 2024-11-21 | N/A |
| Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | ||||
| CVE-2018-20770 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | ||||
| CVE-2018-20730 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | ||||
| CVE-2018-20719 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | ||||
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | ||||
| CVE-2018-20713 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | ||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | ||||
| CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | ||||
| CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | ||||
| CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | ||||
| CVE-2018-20556 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | N/A |
| SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | ||||
| CVE-2018-20508 | 1 Crashfix Project | 1 Crashfix | 2024-11-21 | N/A |
| CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. | ||||
| CVE-2018-20505 | 3 Apple, Microsoft, Sqlite | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | N/A |
| SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | ||||
| CVE-2018-20480 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | ||||
| CVE-2018-20479 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter. | ||||
| CVE-2018-20477 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | ||||
| CVE-2018-20469 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. | ||||
| CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | ||||