探索與 SQL Injection 漏洞相關的 CVE,並依公開年份篩選。本清單預設優先展示最新揭露,並支援依 CVSS 與 EPSS 風險分數進一步篩選。
涵蓋最新漏洞揭露與趨勢,協助安全團隊快速識別高風險問題與被利用可能性。
目前為 SQL Injection 類型、2018 年公開的 CVE。 檢視完整 CVE 清單
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2018-20572 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | 9.8 | 0.26% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20569 | user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | 9.8 | 0.73% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20568 | Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | 9.8 | 0.73% | 2018-12-28 | 2024-11-21 |
| CVE-2018-1000890 | FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | 7.5 | 0.60% | 2018-12-28 | 2024-11-21 |
| CVE-2018-1000631 | Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database. | 9.8 | 0.42% | 2018-12-28 | 2024-11-21 |
| CVE-2018-1000630 | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. | 7.2 | 0.35% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20508 | CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. | 9.8 | 0.26% | 2018-12-27 | 2024-11-21 |
| CVE-2018-20480 | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | 9.8 | 0.26% | 2018-12-26 | 2024-11-21 |
| CVE-2018-20479 | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter. | 9.8 | 0.26% | 2018-12-26 | 2024-11-21 |
| CVE-2018-20477 | An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | 9.8 | 0.26% | 2018-12-26 | 2024-11-21 |
| CVE-2018-7802 | A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | 8.8 | 0.60% | 2018-12-24 | 2024-11-21 |
| CVE-2018-20338 | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | 9.8 | 5.22% | 2018-12-21 | 2024-11-21 |
| CVE-2018-20329 | Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information. | 8.1 | 0.22% | 2018-12-21 | 2024-11-21 |
| CVE-2018-18399 | SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | 9.8 | 1.04% | 2018-12-20 | 2024-11-21 |
| CVE-2018-1000871 | HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter. | 9.8 | 0.29% | 2018-12-20 | 2024-11-21 |
| CVE-2018-1000869 | phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This vulnerability appears to have been fixed in 1.4. | 9.8 | 0.28% | 2018-12-20 | 2024-11-21 |
| CVE-2018-1000867 | WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. | 8.8 | 0.40% | 2018-12-20 | 2024-11-21 |
| CVE-2018-20173 | Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | 9.8 | 12.83% | 2018-12-17 | 2024-11-21 |
| CVE-2018-14623 | A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable. | 4.3 | 0.14% | 2018-12-14 | 2024-11-21 |
| CVE-2018-18923 | AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php. | 9.8 | 2.67% | 2018-12-13 | 2024-11-21 |