Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5733 | 1 Php-fusion | 2 Php-fusion, Team Impact Ti Blog System Module | 2018-10-30 | 7.5 HIGH | N/A |
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2018-10-30 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | |||||
CVE-2008-2384 | 2 Apache, Joey Schulze | 2 Http Server, Mod Auth Mysql | 2018-10-30 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. | |||||
CVE-2018-16762 | 1 Thedaylightstudio | 1 Fuel Cms | 2018-10-29 | 7.5 HIGH | 9.8 CRITICAL |
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. | |||||
CVE-2018-16724 | 1 Baijiacms Project | 1 Baijiacms | 2018-10-26 | 7.5 HIGH | 9.8 CRITICAL |
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. | |||||
CVE-2007-6171 | 1 Digium | 1 Asterisk | 2018-10-26 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2007-6170 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2018-10-26 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. | |||||
CVE-2018-16410 | 1 Vanillaforums | 1 Vanilla | 2018-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. | |||||
CVE-2018-16353 | 1 Fhcrm Project | 1 Fhcrm | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. | |||||
CVE-2018-16354 | 1 Fhcrm Project | 1 Fhcrm | 2018-10-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. | |||||
CVE-2018-16445 | 1 Seacms | 1 Seacms | 2018-10-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. | |||||
CVE-2018-16432 | 1 Bluecms Project | 1 Bluecms | 2018-10-24 | 7.5 HIGH | 9.8 CRITICAL |
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. | |||||
CVE-2018-16278 | 1 Phpkaiyuancms | 1 Phpopensourcecms | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. | |||||
CVE-2018-15893 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | |||||
CVE-2018-15894 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | |||||
CVE-2016-4861 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2018-10-21 | 7.5 HIGH | 9.8 CRITICAL |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | |||||
CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2018-10-21 | 7.5 HIGH | 9.8 CRITICAL |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | |||||
CVE-2018-16159 | 1 Codemenschen | 1 Gift Vouchers | 2018-10-19 | 7.5 HIGH | 9.8 CRITICAL |
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | |||||
CVE-2007-1034 | 1 Php-nuke | 1 Emporium Module | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
CVE-2006-0750 | 1 Supersmashbrothers | 1 Army System | 2018-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | |||||