CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

215462 matches found

Cvelist•added 2026/05/30 2:55 p.m.•26 views

CVE-2018-25417 AiOPMSD Final 1.0.0 SQL Injection via quality.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

8.8CVSS0.0009EPSS

Exploits0References4

CVE•added 2026/05/30 2:55 p.m.•16 views

CVE-2018-25417

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability via the quality parameter in quality.php. Unauthenticated attackers can send crafted SQL payloads to extract sensitive data (usernames, database names, version details). CVSS metrics indicate high severity (CVSS 3.1: 8.2; CVSS 4.0: 8.8)....

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

Vulnrichment•added 2026/05/30 2:55 p.m.•6 views

CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

Cvelist•added 2026/05/30 2:55 p.m.•20 views

CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS0.0009EPSS

Exploits0References4

EUVD•added 2026/05/30 2:55 p.m.•11 views

EUVD-2018-21936

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

ATTACKERKB•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/30 2:55 p.m.•15 views

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in actor.php that can be exploited by unauthenticated attackers via the actor parameter. The vulnerability is triggered by crafted SQL payloads in GET requests to actor.php, allowing extraction of sensitive database information such as u...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

Vulnrichment•added 2026/05/30 2:55 p.m.•5 views

CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

EUVD•added 2026/05/30 2:55 p.m.•5 views

EUVD-2018-21932

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00029EPSS

Exploits0References4

Vulnrichment•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00029EPSS

Exploits0References4

CVE•added 2026/05/30 2:55 p.m.•12 views

CVE-2018-25411

CVE-2018-25411 affects MGB OpenSource Guestbook 0.7.0.2. The vulnerability is an SQL injection in the email.php endpoint vulnerable to crafted payloads via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL and potentially enumerate database tables and columns. The issu...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

ATTACKERKB•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00029EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/30 2:55 p.m.•25 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS0.0009EPSS

Exploits0References4

CVE•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

7.1CVSS6.2AI score0.00029EPSS

Exploits0References4

Cvelist•added 2026/05/30 2:55 p.m.•28 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.0009EPSS

Exploits0References4

ATTACKERKB•added 2026/05/30 2:55 p.m.•6 views

CVE-2018-25406

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4

CVE•added 2026/05/30 2:55 p.m.•10 views

CVE-2018-25407

CVE-2018-25407 affects eNdonesia Portal 8.7, where multiple SQL injection flaws in mod.php allow unauthenticated attackers to execute arbitrary SQL via parameters such as artid, cid, did, contid, and aboutid across the publisher, diskusi, galeri, content, and about modules. The issue can be used ...

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4

EUVD•added 2026/05/30 2:55 p.m.•5 views

EUVD-2018-21928

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4

CVE•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25406

CVE-2018-25406 affects the eNdonesia Portal 8.7, where multiple SQL injection vulnerabilities allow unauthenticated attackers to run arbitrary SQL queries via mod.php. The attacker can inject SQL through parameters artid, cid, did, contid, and aboutid across modules including publisher, diskusi, ...

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by