• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2018-16822

February 26, 2023 by

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.

CVE-2018-16762

February 26, 2023 by

FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.

CVE-2018-16724

February 26, 2023 by

An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.

CVE-2018-1674

February 26, 2023 by

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

CVE-2018-16659

February 26, 2023 by

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

CVE-2018-16410

February 26, 2023 by

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 347
  • Go to page 348
  • Go to page 349
  • Go to page 350
  • Go to page 351
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE