Filtered by CWE-89
Total 16332 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-19436 1 Weberp 1 Weberp 2024-11-21 N/A
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
CVE-2018-19435 1 Weberp 1 Weberp 2024-11-21 N/A
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
CVE-2018-19434 1 Weberp 1 Weberp 2024-11-21 N/A
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.
CVE-2018-19415 1 Plikli 1 Plikli Cms 2024-11-21 N/A
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.
CVE-2018-19349 1 Seacms 1 Seacms 2024-11-21 N/A
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19331 1 S-cms 1 S-cms 2024-11-21 N/A
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
CVE-2018-19312 1 Centreon 1 Centreon 2024-11-21 N/A
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19281 1 Centreon 1 Centreon 2024-11-21 N/A
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
CVE-2018-19271 1 Centreon 1 Centreon 2024-11-21 N/A
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
CVE-2018-19221 1 Laobancms 1 Laobancms 2024-11-21 N/A
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVE-2018-19061 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
CVE-2018-18982 1 Nuuo 1 Nuuo Cms 2024-11-21 N/A
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
CVE-2018-18963 1 Degraupublicidade 1 Degraupublicidade 2024-11-21 N/A
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.
CVE-2018-18949 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 N/A
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
CVE-2018-18923 1 Abisoftgt 1 Ticketly 2024-11-21 N/A
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
CVE-2018-18887 1 S-cms 1 S-cms 2024-11-21 N/A
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
CVE-2018-18832 1 Dkcms 1 Dkcms 2024-11-21 N/A
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
CVE-2018-18822 1 Grapixel 1 New Media 2024-11-21 N/A
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVE-2018-18806 1 School Equipment Monitoring System Project 1 School Equipment Monitoring System 2024-11-21 N/A
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.
CVE-2018-18805 1 Pointofsales Project 1 Pointofsales 2024-11-21 9.8 Critical
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.