WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4226.
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.
SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authenticated session is first required. In some cases client calls are obfuscated by encryption, which can be bypassed due to hard-coded keys and an insecure key rotation protocol. Impacts may include remote code execution in some deployments; however, the vendor states that this cannot occur when the installation documentation is heeded.