Vulnerabilities (CVE)

CWE filter: CWE-89

5184 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18887 1 S-cms 1 S-cms 2018-12-08 7.5
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
CVE-2018-18832 1 Dkcms 1 Dkcms 2018-12-06 7.5
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
CVE-2015-4633 1 Koha 1 Koha 2018-12-06 7.5
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to...
CVE-2018-18546 1 Thinkphp 1 Thinkphp 2018-12-04 7.5
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
CVE-2018-18705 1 Phptpoint 1 Hospital Management System 2018-12-04 7.5
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.
CVE-2018-18704 1 Phptpoint 1 Pharmacy Management System 2018-12-04 7.5
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
CVE-2018-18702 1 Icmsdev 1 Icms 2018-12-04 7.5
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
CVE-2018-18550 1 Serverscheck 1 Serverscheck 2018-12-04 6.5
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.
CVE-2018-18527 1 Owndms 1 Ownticket 2018-12-04 7.5
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
CVE-2018-15755 1 Cloud Foundry 1 Cf-networking 2018-12-04 6.5
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal API endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue...
CVE-2018-0404 1 Cisco 2 Rv180w Wireless-n Multifunction Vpn Router, Rv220w Wireless Network Security Firewall 2018-12-04 5.0
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL...
CVE-2018-17446 1 Citrix 1 Sd-wan 2018-12-04 7.5
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-18785 1 Zzcms 1 Zzcms 2018-12-04 7.5
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
CVE-2018-18786 1 Zzcms 1 Zzcms 2018-12-04 7.5
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
CVE-2018-18784 1 Zzcms 1 Zzcms 2018-12-04 6.5
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
CVE-2018-18787 1 Zzcms 1 Zzcms 2018-12-04 7.5
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
CVE-2018-18788 1 Zzcms 1 Zzcms 2018-12-04 6.5
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
CVE-2018-18789 1 Zzcms 1 Zzcms 2018-12-04 7.5
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
CVE-2018-18790 1 Zzcms 1 Zzcms 2018-12-04 6.5
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
CVE-2018-18791 1 Zzcms 1 Zzcms 2018-12-04 7.5
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.