• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2018-11373

February 26, 2023 by

iScripts eSwap v2.4 has SQL injection via the “salelistdetailed.php” User Panel ToId parameter.

CVE-2018-1132

February 26, 2023 by

A flaw was found in Opendaylight’s SDNInterfaceapp (SDNI). Attackers can SQL inject the component’s database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.

CVE-2018-11309

February 26, 2023 by

Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.

CVE-2018-11231

February 26, 2023 by

In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.

CVE-2018-11140

February 26, 2023 by

The ‘reportID’ parameter received by the ‘/common/run_report.php’ script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).

CVE-2018-11136

February 26, 2023 by

The ‘orgID’ parameter received by the ‘/common/download_agent_installer.php’ script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 366
  • Go to page 367
  • Go to page 368
  • Go to page 369
  • Go to page 370
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE