Lucene search
K

1835 matches found

NVD
NVD
added 2026/05/29 4:16 p.m.18 views

CVE-2018-25394

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 4:16 p.m.13 views

CVE-2018-25386

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:46 p.m.14 views

CVE-2018-25403

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.11 views

CVE-2018-25402 The Open ISES Project 3.30A SQL Injection via inc_types_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:46 p.m.11 views

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/29 2:46 p.m.9 views

EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21917

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.11 views

CVE-2018-25394 Kados R10 GreenBee SQL Injection via update_release.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.24 views

CVE-2018-25394

Kados R10 GreenBee contains an SQL injection in boards_buttons/update_release.php via the release_id parameter. The release_id value is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send a crafted GET request (Union-based payload) to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.11 views

EUVD-2018-21908

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.16 views

CVE-2018-25386

HaPe PKH 1.1 is affected by SQL injection in admin/media.php via the 'id' parameter. The vulnerability allows an unauthenticated attacker to target desa (module=desa&act=hapus), while authenticated users can hit pengurus, fasilitas, and kelompok modules (e.g., act=print, act=editpengurus, act=edi...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/05/25 3:16 p.m.15 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS
Exploits0References3
NVD
NVD
added 2026/05/23 7:16 p.m.11 views

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8CVSS0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.12 views

CVE-2018-25351

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS6.2AI score0.00358EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.7 views

CVE-2018-25348

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.41 views

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/17 12:11 p.m.15 views

EUVD-2018-21859

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25333

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder