Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19435 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | |||||
| CVE-2018-19436 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | |||||
| CVE-2018-18801 | 1 Bsen Ordering Software Project | 1 Bsen Ordering Software | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | |||||
| CVE-2018-18796 | 1 Library Management System Project | 1 Library Management System | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | |||||
| CVE-2018-18795 | 1 School Event Management System Project | 1 School Event Management System | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | |||||
| CVE-2018-18763 | 1 Saltos | 1 Saltos | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | |||||
| CVE-2018-19331 | 1 S-cms | 1 S-cms | 2018-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-18806 | 1 School Equipment Monitoring System Project | 1 School Equipment Monitoring System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | |||||
| CVE-2018-18804 | 1 Bakeshop Inventory System Project | 1 Bakeshop Inventory System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | |||||
| CVE-2018-18803 | 1 Curriculum Evaluation System Project | 1 Curriculum Evaluation System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | |||||
| CVE-2018-19349 | 1 Seacms | 1 Seacms | 2018-12-17 | 6.5 MEDIUM | 7.2 HIGH |
| In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | |||||
| CVE-2018-0685 | 1 Neo | 1 Debun Pop | 2018-12-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | |||||
| CVE-2018-18476 | 1 Nedap | 1 Mysql-binuuid-rails | 2018-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | |||||
| CVE-2018-18963 | 1 Degraupublicidade | 1 Degraupublicidade | 2018-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. | |||||
| CVE-2018-19221 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. | |||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-6818 | 1 Sap | 1 Business Intelligence Platform | 2018-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633. | |||||
| CVE-2015-1310 | 1 Sybase | 1 Adaptive Server Enterprise | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-7096 | 1 Sap | 1 Emr Unwired | 2018-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||