Lucene search

9 matches found

Veracode
added 2026/03/14 5:22 a.m. · 4 views

SQL Injection

Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

CVSS 8.8 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 2 · Affected software 1

OSV
added 2026/03/11 12:27 a.m. · 1 view

GHSA-G7J6-FMWX-7VP8 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

CVSS 8.7 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 5

CNNVD
added 2026/03/11 12:00 a.m. · 2 views

Craft CMS SQL Injection Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.9 had a SQL injection vulnerability. This vulnerability stemmed from insufficient input sanitization in the ElementSearchController::actionSearch endpoint, which could lead to SQL...

CVSS 8.8 · AI score 5.8 · EPSS 0.00043
Exploits 0 · References 2

NVD
added 2023/07/20 7:15 p.m. · 7 views

CVE-2023-37164

Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the catid parameter at /shop/?module=shop&action=search...

CVSS 6.1 · AI score 6.1 · EPSS 0.00445
Exploits 1 · References 1

CNNVD
added 2021/05/14 12:00 a.m. · 1 view

DedeCMS Cross-Site Scripting Vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Zhuozhuo Network (Desdev). The system provides content publishing, content management, content editing and content retrieval functions. A cross-site scripting vulnerability...

CVSS 5.4 · AI score 5.9 · EPSS 0.0036
Exploits 1 · References 2

NVD
added 2018/10/09 5:29 p.m. · 8 views

CVE-2018-18075

WikidForum 2.20 has SQL Injection via the rpc.php parentpostid or numrecords parameter, or the index.php?action=search selectsort parameter...

CVSS 9.8 · AI score 10 · EPSS 0.00572
Exploits 1 · References 2

Prion
added 2018/10/09 5:29 p.m. · 8 views

SQL injection

WikidForum 2.20 has SQL Injection via the rpc.php parentpostid or numrecords parameter, or the index.php?action=search selectsort parameter...

CVSS 7.5 · AI score 9.9 · EPSS 0.00572
Exploits 1 · References 2 · Affected software 1

Cvelist
added 2018/10/09 4:00 p.m. · 11 views

CVE-2018-18075

WikidForum 2.20 has SQL Injection via the rpc.php parentpostid or numrecords parameter, or the index.php?action=search selectsort parameter...

AI score 10 · EPSS 0.00572
Exploits 1 · References 2

CNVD
added 2017/07/27 12:00 a.m. · 1 view

IBOS Enterprise Collaboration Management software, latest open-source version: SQL injection vulnerability in the actionSearch function of ApiController.php

IBOS is a new enterprise collaboration management platform that offers services such as commercial licensing, program customization, data conversion, storage services and more. In the latest open-source version of the IBOS enterprise collaboration management software, the ApiController.php page's actionSearch functi...

AI score 7.7
Exploits 0