Results for

sql injection

NA
CVE-2018-19558

An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.

NA
CVE-2018-19553

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php

NA
CVE-2018-19468

HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.

NA
CVE-2018-19434

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.

NA
CVE-2018-19435

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

NA
CVE-2018-19436

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.

NA
CVE-2018-19349

In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.

NA
CVE-2018-19331

An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.

NA
CVE-2018-19312

Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.

NA
CVE-2018-18795

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.