Export limit exceeded: 17944 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17842 | 1 Scriptzee | 1 Hotel Booking Engine | 2024-11-21 | 9.8 Critical |
| SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | ||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | ||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | ||||
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | ||||
| CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2024-11-21 | N/A |
| An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | ||||
| CVE-2018-17575 | 1 Swa | 1 Swa.jacad | 2024-11-21 | N/A |
| SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | ||||
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | ||||
| CVE-2018-17562 | 1 Multitech | 1 Faxfinder | 2024-11-21 | N/A |
| Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | ||||
| CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | ||||
| CVE-2018-17542 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | N/A |
| SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. | ||||
| CVE-2018-17446 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | N/A |
| A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | ||||
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2024-11-21 | N/A |
| An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | ||||
| CVE-2018-17420 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | ||||
| CVE-2018-17416 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | ||||
| CVE-2018-17415 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | ||||
| CVE-2018-17414 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | ||||
| CVE-2018-17412 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. | ||||
| CVE-2018-17410 | 1 Horus Cms Project | 1 Horus Cms | 2024-11-21 | 9.8 Critical |
| Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. | ||||
| CVE-2018-17399 | 1 Jimtawl Project | 1 Jimtawl | 2024-11-21 | N/A |
| SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. | ||||
| CVE-2018-17398 | 1 Arenam | 1 Amgallery | 2024-11-21 | N/A |
| SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. | ||||