CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/23 7:16 p.m.•9 views

CVE-2018-25341

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.0009EPSS

ATTACKERKB•added 2026/05/23 6:30 p.m.•7 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00027EPSS

Exploits0References3

Cvelist•added 2026/05/23 6:30 p.m.•23 views

CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS0.0009EPSS

EUVD•added 2026/05/23 6:30 p.m.•8 views

EUVD-2018-21873

CVE•added 2026/05/23 6:30 p.m.•30 views

CVE-2018-25351

CVE-2018-25351 affects Joomla! Component EkRishta 2.10. The connected documents describe an error-based SQL injection in the username parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending POST requests to the login endpoint, leaking database information inclu...

ATTACKERKB•added 2026/05/23 6:30 p.m.•9 views

CVE-2018-25351

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/23 6:30 p.m.•11 views

CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username

Vulnrichment•added 2026/05/23 6:30 p.m.•5 views

CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

ATTACKERKB•added 2026/05/23 6:30 p.m.•4 views

CVE-2018-25348

Exploits0References4Affected Software1

ATTACKERKB•added 2026/05/23 6:30 p.m.•5 views

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS5.9AI score0.00027EPSS

Exploits0References3

ATTACKERKB•added 2026/05/23 6:30 p.m.•3 views

CVE-2018-25346

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS5.9AI score0.00029EPSS

Exploits0References2

EUVD•added 2026/05/23 6:30 p.m.•5 views

EUVD-2018-21864

Vulnrichment•added 2026/05/23 6:30 p.m.•5 views

CVE-2018-25342 Smartshop 1 SQL Injection via search.php

EUVD•added 2026/05/23 6:30 p.m.•8 views

EUVD-2018-21862

8.8CVSS6.1AI score0.0009EPSS

CNNVD•added 2026/05/23 12:0 a.m.•5 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

CNNVD•added 2026/05/23 12:0 a.m.•5 views

Dolibarr ERP CRM 代码注入漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 7.0.3 of Dolibarr ERP CRM contains a code injection vulnerability. This vulnerability stems from injecting PHP code via the dbname parameter, which may allow unauthenticated attackers to execu...

9.8CVSS6.1AI score0.0061EPSS

Exploits1References4

Positive Technologies•added 2026/05/23 12:0 a.m.•7 views

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

9.8CVSS6.4AI score0.0061EPSS

Exploits1References7

CNNVD•added 2026/05/23 12:0 a.m.•3 views

Joomla Component Ek Rishta SQL注入漏洞

The Joomla component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the cid parameter, which may allow...