Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1480 | 1 Phpnuke | 1 Php-nuke | 2018-08-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. | |||||
CVE-2011-1562 | 1 Ecava | 1 Integraxor | 2018-08-13 | 7.5 HIGH | N/A |
Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. | |||||
CVE-2010-4166 | 1 Joomla | 1 Joomla! | 2018-08-13 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. | |||||
CVE-2014-1671 | 1 Dell | 5 Kace K1000 Systems Management Appliance, Kace K1000 Systems Management Appliance Software, Kace K1000 Systems Management Virtual Appliance and 2 more | 2018-08-13 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php. | |||||
CVE-2011-1055 | 1 Lingxia273 | 1 Lingxia I.c.e Cms | 2018-08-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. | |||||
CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | |||||
CVE-2018-12534 | 1 Quick Chat Project | 1 Quick Chat | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. | |||||
CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||||
CVE-2017-16542 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-06 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||||
CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | |||||
CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||||
CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||||
CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||||
CVE-2018-12254 | 1 Harmistechnology | 1 Ek Rishta | 2018-08-02 | 6.5 MEDIUM | 8.8 HIGH |
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | |||||
CVE-2018-12039 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. | |||||
CVE-2018-12110 | 1 Portfoliocms Project | 1 Portfoliocms | 2018-07-27 | 6.5 MEDIUM | 7.2 HIGH |
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. | |||||
CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | |||||
CVE-2017-18291 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. | |||||
CVE-2017-18290 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. | |||||