Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ihsan sencan vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
Tubigan Welcome To Our Resort 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
Bsen Ordering Software Project Bsen Ordering Software 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-18803
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
Curriculum Evaluation System Project Curriculum Evaluation System 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-18805
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
Pointofsales Project Pointofsales 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-7319
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
Os Property Real Estate Project Os Property Real Estate 3.12.7
1 EDB exploit
9.8
CVSSv3
CVE-2018-5970
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
Techjoomla Jgive 2.0.9
1 EDB exploit
9.8
CVSSv3
CVE-2018-5972
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
Quickad Project Quickad 4.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-5973
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
Eihitech Professional Local Directory Script 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-5975
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
Thekrotek Smart Shoutbox 3.0.0
1 EDB exploit
8.8
CVSSv3
CVE-2018-5976
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
Rsvp Invitation Online Project Rsvp Invitation Online 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »