Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||||
| CVE-2018-19061 | 1 Dedecms | 1 Dedecms | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | |||||
| CVE-2018-18887 | 1 S-cms | 1 S-cms | 2018-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | |||||
| CVE-2018-18832 | 1 Dkcms | 1 Dkcms | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. | |||||
| CVE-2015-4633 | 1 Koha | 1 Koha | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. | |||||
| CVE-2018-18546 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | |||||
| CVE-2018-18705 | 1 Phptpoint | 1 Hospital Management System | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. | |||||
| CVE-2018-18704 | 1 Phptpoint | 1 Pharmacy Management System | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. | |||||
| CVE-2018-18702 | 1 Icmsdev | 1 Icms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | |||||
| CVE-2018-18550 | 1 Serverscheck | 1 Serverscheck | 2018-12-04 | 6.5 MEDIUM | 8.8 HIGH |
| ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | |||||
| CVE-2018-18527 | 1 Owndms | 1 Ownticket | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | |||||
| CVE-2018-17446 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
| CVE-2018-18785 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | |||||
| CVE-2018-18786 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. | |||||
| CVE-2018-18787 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | |||||
| CVE-2018-18788 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) | |||||
| CVE-2018-18784 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | |||||
| CVE-2018-18790 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) | |||||