Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2018. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-19551 | Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | 8.8 | 0.98% | 2018-11-26 | 2026-06-16 |
| CVE-2018-19549 | Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | 8.8 | 0.98% | 2018-11-26 | 2026-06-16 |
| CVE-2018-19468 | HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | 9.8 | 1.14% | 2018-11-23 | 2026-06-16 |
| CVE-2018-19436 | An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | 7.2 | 1.06% | 2018-11-22 | 2026-06-16 |
| CVE-2018-19435 | An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | 7.2 | 1.06% | 2018-11-22 | 2026-06-16 |
| CVE-2018-19434 | An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | 7.2 | 1.06% | 2018-11-22 | 2026-06-16 |
| CVE-2018-19349 | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | 7.2 | 1.00% | 2018-11-17 | 2026-06-16 |
| CVE-2018-19331 | An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | 7.5 | 1.08% | 2018-11-17 | 2026-06-16 |
| CVE-2018-19312 | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | 8.8 | 1.93% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18806 | School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | 9.8 | 1.59% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18805 | Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | 9.8 | 5.20% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18804 | Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | 9.8 | 3.21% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18803 | Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | 9.8 | 3.21% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18801 | The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | 9.8 | 3.21% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18796 | Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | 9.8 | 1.59% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18795 | School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | 9.8 | 3.21% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18763 | SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | 9.8 | 3.21% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18761 | SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. | 9.8 | 16.46% | 2018-11-16 | 2026-06-16 |
| CVE-2018-18755 | K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. | 9.8 | 3.10% | 2018-11-16 | 2026-06-16 |
| CVE-2018-0685 | SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | 8.8 | 1.24% | 2018-11-15 | 2026-06-16 |