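Explore CVEs related to SQL Injection vulnerabilities, filtered by year of publication. By default this list shows the most recent disclosures first, and it can be filtered further by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and the likelihood of exploitation.
Currently showing CVEs of type SQL Injection published in 2018.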

| CVE | Description | Highest CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-20572 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | 9.8 | 0.26% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20569 | user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | 9.8 | 0.73% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20568 | Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | 9.8 | 0.73% | 2018-12-28 | 2024-11-21 |
| CVE-2018-1000890 | FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | 7.5 | 0.60% | 2018-12-28 | 2024-11-21 |
| CVE-2018-1000631 | Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database. | 9.8 | 0.42% | 2018-12-28 | 2024-11-21 |
| CVE-2018-1000630 | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. | 7.2 | 0.35% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20508 | CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. | 9.8 | 0.26% | 2018-12-27 | 2024-11-21 |
| CVE-2018-20480 | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | 9.8 | 0.26% | 2018-12-26 | 2024-11-21 |
| CVE-2018-20479 | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter. | 9.8 | 0.26% | 2018-12-26 | 2024-11-21 |
| CVE-2018-20477 | An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | 9.8 | 0.26% | 2018-12-26 | 2024-11-21 |
| CVE-2018-7802 | A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | 8.8 | 0.60% | 2018-12-24 | 2024-11-21 |
| CVE-2018-20338 | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | 9.8 | 5.22% | 2018-12-21 | 2024-11-21 |
| CVE-2018-20329 | Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information. | 8.1 | 0.22% | 2018-12-21 | 2024-11-21 |
| CVE-2018-18399 | SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | 9.8 | 1.04% | 2018-12-20 | 2024-11-21 |
| CVE-2018-1000871 | HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter. | 9.8 | 0.29% | 2018-12-20 | 2024-11-21 |
| CVE-2018-1000869 | phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4. | 9.8 | 0.28% | 2018-12-20 | 2024-11-21 |
| CVE-2018-1000867 | WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. | 8.8 | 0.40% | 2018-12-20 | 2024-11-21 |
| CVE-2018-20173 | Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | 9.8 | 12.83% | 2018-12-17 | 2024-11-21 |
| CVE-2018-14623 | A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable. | 4.3 | 0.14% | 2018-12-14 | 2024-11-21 |
| CVE-2018-18923 | AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php. | 9.8 | 2.67% | 2018-12-13 | 2024-11-21 |