Total
17351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17843 | 1 Mlmsoftwarez | 10 Add Clicking Mlm Software, Autopool Mlm Software, Bidding Mlm Software and 7 more | 2024-11-21 | N/A |
| SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter. | ||||
| CVE-2018-17842 | 1 Scriptzee | 1 Hotel Booking Engine | 2024-11-21 | 9.8 Critical |
| SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | ||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | ||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | ||||
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | ||||
| CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2024-11-21 | N/A |
| An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | ||||
| CVE-2018-17575 | 1 Swa | 1 Swa.jacad | 2024-11-21 | N/A |
| SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | ||||
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | ||||
| CVE-2018-17562 | 1 Multitech | 1 Faxfinder | 2024-11-21 | N/A |
| Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | ||||
| CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | ||||
| CVE-2018-17542 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | N/A |
| SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. | ||||
| CVE-2018-17446 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | N/A |
| A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | ||||
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2024-11-21 | N/A |
| An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | ||||
| CVE-2018-17420 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | ||||
| CVE-2018-17416 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | ||||
| CVE-2018-17415 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | ||||
| CVE-2018-17414 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | ||||
| CVE-2018-17412 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. | ||||
| CVE-2018-17410 | 1 Horus Cms Project | 1 Horus Cms | 2024-11-21 | 9.8 Critical |
| Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. | ||||
| CVE-2018-17399 | 1 Jimtawl Project | 1 Jimtawl | 2024-11-21 | N/A |
| SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. | ||||