Export limit exceeded: 328214 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 17577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20730 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | ||||
| CVE-2018-20719 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | ||||
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | ||||
| CVE-2018-20713 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | ||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | ||||
| CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | ||||
| CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | ||||
| CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | ||||
| CVE-2018-20556 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | N/A |
| SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | ||||
| CVE-2018-20508 | 1 Crashfix Project | 1 Crashfix | 2024-11-21 | N/A |
| CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. | ||||
| CVE-2018-20505 | 3 Apple, Microsoft, Sqlite | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | N/A |
| SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | ||||
| CVE-2018-20480 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | ||||
| CVE-2018-20479 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter. | ||||
| CVE-2018-20477 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | ||||
| CVE-2018-20469 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. | ||||
| CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | ||||
| CVE-2018-20329 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A |
| Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information. | ||||
| CVE-2018-20173 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | ||||
| CVE-2018-20091 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | N/A |
| An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. | ||||