Total
16332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19998 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
| SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | ||||
| CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
| An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||||
| CVE-2018-19952 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 7.5 High |
| If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | ||||
| CVE-2018-19925 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | N/A |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter. | ||||
| CVE-2018-19898 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. | ||||
| CVE-2018-19897 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action. | ||||
| CVE-2018-19896 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. | ||||
| CVE-2018-19895 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. | ||||
| CVE-2018-19894 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | ||||
| CVE-2018-19893 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | ||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | ||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | ||||
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | ||||
| CVE-2018-19553 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php | ||||
| CVE-2018-19552 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | ||||
| CVE-2018-19551 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | ||||
| CVE-2018-19549 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | ||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | ||||
| CVE-2018-19468 | 1 Hucart | 1 Hucart | 2024-11-21 | N/A |
| HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | ||||
| CVE-2018-19462 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. | ||||