Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2018-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | |||||
| CVE-2017-10936 | 1 Zte | 2 Zxcdn-sns, Zxcdn-sns Firmware | 2018-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. | |||||
| CVE-2017-10937 | 1 Zte | 2 Zxiptv-ucm, Zxiptv-ucm Firmware | 2018-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | |||||
| CVE-2018-14501 | 1 Joyplus Project | 1 Joyplus-cms | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | |||||
| CVE-2018-14418 | 1 Msvod | 1 Msvod Cms | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. | |||||
| CVE-2018-14440 | 1 Ssh Companywebsite Project | 1 Ssh Companywebsite | 2018-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. | |||||
| CVE-2018-14515 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | |||||
| CVE-2018-14472 | 1 Wuzhicms | 1 Wuzhicms | 2018-09-14 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | |||||
| CVE-2018-14389 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-09-12 | 7.5 HIGH | 9.8 CRITICAL |
| joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. | |||||
| CVE-2018-10197 | 1 Elo | 1 Access Manager | 2018-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the "userdata" table from the "eloam" database. | |||||
| CVE-2018-13850 | 1 Icanstudioz | 1 Firebase Push Notification On Ios \/ Fcm \+ Advance Admin Panel | 2018-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter. | |||||
| CVE-2018-14012 | 1 Wolfsight | 1 Wolfsight Cms | 2018-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. | |||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | |||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | |||||
| CVE-2018-12977 | 1 Softexpert | 1 Excellence Suite | 2018-09-05 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section. | |||||
| CVE-2017-11088 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Msm8996au and 25 more | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. | |||||
| CVE-2018-3754 | 1 Query-mysql Project | 1 Query-mysql | 2018-09-04 | 6.5 MEDIUM | 8.8 HIGH |
| Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database. | |||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2018-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | |||||
| CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||
| CVE-2018-13049 | 1 Glpi-project | 1 Glpi | 2018-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | |||||