CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

232692 matches found

CVE-2018-25417

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

8.8CVSS0.00068EPSS

Exploits0References4

NVD•added 6 days ago•14 views

CVE-2018-25407

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.00068EPSS

Exploits0References4

NVD•added 6 days ago•18 views

CVE-2018-25412

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS0.00346EPSS

Exploits1References5

NVD•added 6 days ago•10 views

CVE-2018-25411

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS0.00068EPSS

Exploits0References4

NVD•added 6 days ago•11 views

CVE-2018-25406

8.8CVSS0.00068EPSS

Exploits0References4

CVE•added 6 days ago•10 views

CVE-2018-25425

Technical details about CVE-2018-25425 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

Cvelist•added 6 days ago•23 views

CVE-2018-25425 Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

8.8CVSS0.00068EPSS

Exploits0References4

EUVD•added 6 days ago•7 views

EUVD-2018-21947

8.8CVSS6.2AI score0.00068EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•9 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.00167EPSS

Exploits0References4Affected Software1

CVE•added 6 days ago•14 views

CVE-2018-25424

The provided documents confirm a SQL injection vulnerability in Gate Pass Management System 2.1 affecting the login-exec.php authentication flow. Attackers can bypass authentication by submitting crafted POST requests with SQL payloads in the login and password parameters, enabling unauthenticate...

8.8CVSS5.9AI score0.00167EPSS

Exploits0References4

Cvelist•added 6 days ago•24 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

8.8CVSS0.00167EPSS

Exploits0References4

Vulnrichment•added 6 days ago•5 views

CVE-2018-25422 MOGG web simulator Script All Version SQL Injection via play.php

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS6.1AI score0.0007EPSS

Exploits0References3

ATTACKERKB•added 6 days ago•7 views

CVE-2018-25422

8.8CVSS6.1AI score0.0007EPSS

Exploits0References3

Cvelist•added 6 days ago•25 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS0.00068EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•6 views

CVE-2018-25420

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4Affected Software1

Vulnrichment•added 6 days ago•6 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

Cvelist•added 6 days ago•26 views

CVE-2018-25418 AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS0.00068EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•10 views

CVE-2018-25418

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4Affected Software1

Vulnrichment•added 6 days ago•5 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

Cvelist•added 6 days ago•22 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

8.8CVSS0.00068EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by