Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | |||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | |||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | |||||
| CVE-2018-18822 | 1 Grapixel | 1 New Media | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. | |||||
| CVE-2016-10731 | 1 Projectsend | 1 Projectsend | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action. | |||||
| CVE-2014-8367 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2018-12-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-19434 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | |||||
| CVE-2018-19435 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | |||||
| CVE-2018-19436 | 1 Weberp | 1 Weberp | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | |||||
| CVE-2018-18801 | 1 Bsen Ordering Software Project | 1 Bsen Ordering Software | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | |||||
| CVE-2018-18796 | 1 Library Management System Project | 1 Library Management System | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | |||||
| CVE-2018-18795 | 1 School Event Management System Project | 1 School Event Management System | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | |||||
| CVE-2018-18763 | 1 Saltos | 1 Saltos | 2018-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | |||||
| CVE-2018-19331 | 1 S-cms | 1 S-cms | 2018-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-18806 | 1 School Equipment Monitoring System Project | 1 School Equipment Monitoring System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | |||||
| CVE-2018-18804 | 1 Bakeshop Inventory System Project | 1 Bakeshop Inventory System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | |||||
| CVE-2018-18803 | 1 Curriculum Evaluation System Project | 1 Curriculum Evaluation System | 2018-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | |||||
| CVE-2018-19349 | 1 Seacms | 1 Seacms | 2018-12-17 | 6.5 MEDIUM | 7.2 HIGH |
| In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | |||||
| CVE-2018-0685 | 1 Neo | 1 Debun Pop | 2018-12-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | |||||
| CVE-2018-18476 | 1 Nedap | 1 Mysql-binuuid-rails | 2018-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | |||||
