Total: 17246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9493 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9.0. Android ID: A-111085900. | ||||
| CVE-2018-9309 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. | ||||
| CVE-2018-9250 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. | ||||
| CVE-2018-9247 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | N/A |
| The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename. | ||||
| CVE-2018-9245 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | N/A |
| The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | ||||
| CVE-2018-9230 | 1 Openresty | 1 Openresty | 2024-11-21 | N/A |
| In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty | ||||
| CVE-2018-9102 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | N/A |
| A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database. | ||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | ||||
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | ||||
| CVE-2018-8967 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. | ||||
| CVE-2018-8953 | 1 Ca | 1 Workload Automation Ae | 2024-11-21 | N/A |
| CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform a SQL injection via a crafted HTTP request. | ||||
| CVE-2018-8943 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| There is a SQL injection in the PHPSHE 1.6 userbank parameter. | ||||
| CVE-2018-8914 | 1 Synology | 1 Media Server | 2024-11-21 | N/A |
| SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. | ||||
| CVE-2018-8824 | 2 Prestashop, Responsive Mega Menu Pro Project | 2 Prestashop, Responsive Mega Menu Pro | 2024-11-21 | N/A |
| modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter. | ||||
| CVE-2018-8820 | 1 Square-9 | 1 Globalforms | 2024-11-21 | N/A |
| An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. | ||||
| CVE-2018-8802 | 1 Unisys | 2 Clearpath Eportal Manager, Eportal-2200 | 2024-11-21 | N/A |
| SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2018-8734 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | ||||
| CVE-2018-8733 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | ||||
| CVE-2018-8057 | 1 Westernbridgegroup | 1 Razor | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | ||||
| CVE-2018-8045 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | ||||