Export limit exceeded: 17936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17936 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21004 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | N/A |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | ||||
| CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2024-11-21 | N/A |
| The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | ||||
| CVE-2018-20887 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | ||||
| CVE-2018-20779 | 1 Traq | 1 Traq | 2024-11-21 | N/A |
| Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | ||||
| CVE-2018-20770 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | ||||
| CVE-2018-20730 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | ||||
| CVE-2018-20719 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | ||||
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | ||||
| CVE-2018-20713 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | ||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | ||||
| CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | ||||
| CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | ||||
| CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | ||||
| CVE-2018-20556 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | N/A |
| SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | ||||
| CVE-2018-20508 | 1 Crashfix Project | 1 Crashfix | 2024-11-21 | N/A |
| CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. | ||||
| CVE-2018-20505 | 3 Apple, Microsoft, Sqlite | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | N/A |
| SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | ||||
| CVE-2018-20480 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | ||||