Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216133 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/30 2:55 p.m.8 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/30 2:55 p.m.6 views

EUVD-2018-21932

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/30 2:55 p.m.7 views

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
CVE
CVEadded 2026/05/30 2:55 p.m.13 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/30 2:55 p.m.7 views

CVE-2018-25406 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/30 2:55 p.m.31 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/30 2:55 p.m.30 views

CVE-2018-25406 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.0027EPSS
Exploits0References4
CVE
CVEadded 2026/05/30 2:55 p.m.10 views

CVE-2018-25407

CVE-2018-25407 affects eNdonesia Portal 8.7, where multiple SQL injection flaws in mod.php allow unauthenticated attackers to execute arbitrary SQL via parameters such as artid, cid, did, contid, and aboutid across the publisher, diskusi, galeri, content, and about modules. The issue can be used ...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
CVE
CVEadded 2026/05/30 2:55 p.m.12 views

CVE-2018-25406

CVE-2018-25406 affects the eNdonesia Portal 8.7, where multiple SQL injection vulnerabilities allow unauthenticated attackers to run arbitrary SQL queries via mod.php. The attacker can inject SQL through parameters artid, cid, did, contid, and aboutid across modules including publisher, diskusi, ...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/30 2:55 p.m.6 views

CVE-2018-25406

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/30 2:55 p.m.8 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/30 2:55 p.m.7 views

EUVD-2018-21928

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/30 2:55 p.m.5 views

EUVD-2018-21929

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/30 2:55 p.m.32 views

CVE-2018-25405 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS0.0027EPSS
Exploits0References4
CVE
CVEadded 2026/05/30 2:55 p.m.12 views

CVE-2018-25405

The CVE-2018-25405 entry describes SQL injection vulnerabilities in eNdonesia Portal 8.7. Specifically, unauthenticated attackers can inject SQL through mod.php parameters artid, cid, did, contid, and aboutid to retrieve sensitive data (usernames, database names, version details). Metrics show CV...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/30 2:55 p.m.5 views

CVE-2018-25405

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/30 2:55 p.m.6 views

EUVD-2018-21927

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
NVD
NVDadded 2026/05/30 10:16 a.m.16 views

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS0.00344EPSS
Exploits0References8
EUVD
EUVDadded 2026/05/30 9:28 a.m.9 views

EUVD-2026-33453

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/30 9:28 a.m.8 views

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References9
Rows per page
Query Builder