Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | |||||
| CVE-2018-0530 | 1 Cybozu | 1 Garoon | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-05-16 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | |||||
| CVE-2017-18260 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-05-16 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). | |||||
| CVE-2018-9247 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename. | |||||
| CVE-2018-10050 | 1 Iscripts | 1 Eswap | 2018-05-09 | 6.5 MEDIUM | 7.2 HIGH |
| iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. | |||||
| CVE-2016-1000118 | 1 Huge-it | 1 Slideshow | 2018-05-02 | 6.5 MEDIUM | 7.2 HIGH |
| XSS & SQLi in HugeIT slideshow v1.0.4 | |||||
| CVE-2016-1000119 | 1 Huge-it | 1 Catalog | 2018-05-02 | 6.5 MEDIUM | 7.2 HIGH |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||||
| CVE-2014-4959 | 1 Google | 1 Android | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | |||||
| CVE-2018-8820 | 1 Square-9 | 1 Globalforms | 2018-04-23 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. | |||||
| CVE-2014-2652 | 1 Unify | 1 Openscape Deployment Service | 2018-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-7269 | 1 Yiiframework | 1 Yii | 2018-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. | |||||
| CVE-2018-8943 | 1 Phpshe | 1 Phpshe | 2018-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| There is a SQL injection in the PHPSHE 1.6 userbank parameter. | |||||
| CVE-2018-9924 | 1 Icmsdev | 1 Icms | 2018-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. | |||||
| CVE-2018-1000131 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2018-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later. | |||||
| CVE-2017-17959 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | |||||
| CVE-2017-17957 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | |||||
| CVE-2017-17951 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | |||||
| CVE-2017-17950 | 1 Cells | 1 Blog | 2018-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | |||||
| CVE-2018-6843 | 1 Kentico | 1 Kentico Cms | 2018-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. | |||||