Total
17351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19895 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. | ||||
| CVE-2018-19894 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | ||||
| CVE-2018-19893 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | ||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | ||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | ||||
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | ||||
| CVE-2018-19553 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php | ||||
| CVE-2018-19552 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | ||||
| CVE-2018-19551 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | ||||
| CVE-2018-19549 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | ||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | ||||
| CVE-2018-19468 | 1 Hucart | 1 Hucart | 2024-11-21 | N/A |
| HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | ||||
| CVE-2018-19462 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. | ||||
| CVE-2018-19436 | 1 Weberp | 1 Weberp | 2024-11-21 | N/A |
| An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | ||||
| CVE-2018-19435 | 1 Weberp | 1 Weberp | 2024-11-21 | N/A |
| An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | ||||
| CVE-2018-19434 | 1 Weberp | 1 Weberp | 2024-11-21 | N/A |
| An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | ||||
| CVE-2018-19415 | 1 Plikli | 1 Plikli Cms | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php. | ||||
| CVE-2018-19349 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | ||||
| CVE-2018-19331 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | ||||
| CVE-2018-19312 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | ||||