LiveActive security incident?Get immediate response
CVE archive

2018 CVE Archive

Browse CVE records published in 2018 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 16188 matching CVEs · Page 1 of 324.

Unknown · CVSS Not scored

CVE-2018-5354: The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to ex...

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP.

Published Sep 29, 2020 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2018-5353: The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attac...

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required

Published Sep 29, 2020 · Updated Jul 9, 2026

High · CVSS 7.8

CVE-2018-10902: It was found that the raw midi kernel driver does not protect against concurrent access which leads to a do...

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

Published Aug 21, 2018 · Updated Jul 7, 2026

Unknown · CVSS Not scored

CVE-2018-14519: An issue was discovered in Kirby 2.5.12.

An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.

Published Aug 24, 2022 · Updated Jul 4, 2026

Critical · CVSS 9.3

CVE-2018-25117: VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.

Published Oct 15, 2025 · Updated Jun 23, 2026

High · CVSS 8.7

CVE-2018-25437: WordPress CherryFramework Themes 3.1.4 Backup File Download

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.

Published Jun 15, 2026 · Updated Jun 15, 2026

Critical · CVSS 9.8

CVE-2018-25436: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 5.4

CVE-2018-25384: Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

Published May 29, 2026 · Updated Jun 10, 2026

High · CVSS 7.5

CVE-2018-17924: Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthentic...

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

Published Dec 7, 2018 · Updated Jun 3, 2026

Critical · CVSS 9.8

CVE-2018-8859: Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all ver...

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.

Published Jul 24, 2018 · Updated Jun 2, 2026

Critical · CVSS 9.8

CVE-2018-10627: Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all ver...

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.

Published Jul 24, 2018 · Updated Jun 2, 2026

High · CVSS 7.1

CVE-2018-25431: No-Cms 1.0 SQL Injection via order_by Parameter

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25389: HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25414: AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract sensitive database information including usernames, database names, and version details.

Published May 30, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25394: Kados R10 GreenBee SQL Injection via update_release.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25404: The Open ISES Project 3.30A SQL Injection via add_facnote.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Attackers can send GET requests to add_facnote.php with crafted SQL payloads to extract sensitive database information including version details and other data.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 7.5

CVE-2018-16561: A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16).

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

Published Apr 17, 2019 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25434: WP AutoSuggest 0.24 SQL Injection via autosuggest.php

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25428: Paroiciel 11.20 SQL Injection via tRecIdListe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database information including table and column names.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 7.1

CVE-2018-25430: Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive database information including version details and other data.

Published Jun 1, 2026 · Updated Jun 2, 2026

Critical · CVSS 9.8

CVE-2018-25427: Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25433: Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the com_jephotogallery component to execute arbitrary SQL queries and retrieve sensitive data like usernames and password hashes.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 8.6

CVE-2018-25432: Arm Whois 3.11 Buffer Overflow via ASLR Bypass

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.

Published Jun 1, 2026 · Updated Jun 2, 2026

Medium · CVSS 6.9

CVE-2018-25435: ZeusCart 4.0 Deactivate Customer Accounts CSRF

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 7.1

CVE-2018-25429: Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract sensitive database information including usernames, databases, and version details.

Published Jun 1, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25424: Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application.

Published May 30, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25418: AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensitive database information including usernames, database names, and version details.

Published May 30, 2026 · Updated Jun 2, 2026

Critical · CVSS 9.8

CVE-2018-25412: Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

Published May 30, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25406: eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database credentials, usernames, and version information.

Published May 30, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25402: The Open ISES Project 3.30A SQL Injection via inc_types_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25399: The Open ISES Project 3.30A SQL Injection via nearby.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.

Published May 29, 2026 · Updated Jun 2, 2026

Medium · CVSS 6.9

CVE-2018-25397: PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST requests to the users.php endpoint with parameters like name, email, password, and permissions set to admin to create unauthorized admin accounts.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 7.1

CVE-2018-25392: MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.

Published May 29, 2026 · Updated Jun 2, 2026

Medium · CVSS 6.9

CVE-2018-25387: HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksi_user.php script with parameters like id_user, password, and level to modify admin credentials without authentication.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25382: Zechat 1.5 SQL Injection via uname Parameter

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database.

Published May 29, 2026 · Updated Jun 2, 2026

High · CVSS 8.8

CVE-2018-25409: SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.

Published May 30, 2026 · Updated Jun 1, 2026

High · CVSS 8.8

CVE-2018-25415: AiOPMSD Final 1.0.0 SQL Injection via director Parameter

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to extract sensitive database information including usernames, database names, and version details.

Published May 30, 2026 · Updated Jun 1, 2026

High · CVSS 7.1

CVE-2018-25421: Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensitive system files.

Published May 30, 2026 · Updated Jun 1, 2026