Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6581 | 1 Joommasters | 1 Jms Music | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | |||||
CVE-2018-6578 | 1 Jextn | 1 Je Paypervideo | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
CVE-2018-6367 | 1 Vastal | 1 I-tech Buddy Zone Facebook Clone | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. | |||||
CVE-2018-6365 | 1 Datacomponents | 1 Tsitebuilder | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. | |||||
CVE-2018-6364 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. | |||||
CVE-2018-6376 | 1 Joomla | 1 Joomla\! | 2018-02-13 | 7.5 HIGH | 9.8 CRITICAL |
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | |||||
CVE-2018-6308 | 1 Sugarcrm | 1 Sugarcrm | 2018-02-12 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | |||||
CVE-2017-17999 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | |||||
CVE-2018-5778 | 1 Ipswitch | 1 Whatsup Gold | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2018-5973 | 1 Eihitech | 1 Professional Local Directory Script | 2018-02-09 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | |||||
CVE-2018-5972 | 1 Quickad Project | 1 Quickad | 2018-02-08 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | |||||
CVE-2018-5985 | 1 Livecrm | 1 Livecrm Saas Cloud | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. | |||||
CVE-2018-5988 | 1 Flexible Poll Project | 1 Flexible Poll | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | |||||
CVE-2018-5984 | 1 Tumder Project | 1 Tumder | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. | |||||
CVE-2018-5979 | 1 Wchat Project | 1 Wchat | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | |||||
CVE-2018-5978 | 1 Zechat Project | 1 Zechat | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | |||||
CVE-2018-5977 | 1 Getaffiligator | 1 Affiligator | 2018-02-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | |||||
CVE-2017-16510 | 1 Wordpress | 1 Wordpress | 2018-02-03 | 7.5 HIGH | 9.8 CRITICAL |
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | |||||
CVE-2017-16716 | 1 Advantech | 1 Webaccess | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. | |||||
CVE-2017-7997 | 1 Gespage | 1 Gespage | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. |