Skip to main content
CVE-2018-18806 CRITICAL POC Act Now

School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi School Equipment Monitoring System
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-18805 CRITICAL POC Act Now

Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pointofsales
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.2%
CVE-2018-18804 CRITICAL POC Act Now

Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bakeshop Inventory System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-18803 CRITICAL POC Act Now

Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Curriculum Evaluation System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-18801 CRITICAL POC Act Now

The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bsen Ordering Software
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-18796 CRITICAL POC Act Now

Library Management System 1.0 has SQL Injection via the "Search for Books" screen. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Library Management System
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-18795 CRITICAL POC Act Now

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Event Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-18793 CRITICAL POC Act Now

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP School Event Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.5%
CVE-2018-18763 CRITICAL POC Act Now

SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Saltos
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-18761 CRITICAL POC THREAT Act Now

SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Saltos
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
16.5%
CVE-2018-18755 CRITICAL POC Act Now

K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi K Iwi
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2018-16395 CRITICAL PATCH Act Now

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Ruby Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
10.7%
CVE-2018-7359 CRITICAL Act Now

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Zte Buffer Overflow RCE Zxhn F670 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy