How severe is CVE-2018-18251?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2018-18251?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2018-18251

CRITICAL Year: 2018

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-89

View all →

Vulnerability Description

Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authenticated session is first required. In some cases client calls are obfuscated by encryption, which can be bypassed due to hard-coded keys and an insecure key rotation protocol. Impacts may include remote code execution in some deployments; however, the vendor states that this cannot occur when the installation documentation is heeded.

CVE-2005-4891

CRITICAL

CVSS:9.8(Critical)

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

CWE-892005

CVE-2006-5603

CRITICAL

CVSS:9.8(Critical)

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unkn...

CWE-892006

CVE-2007-10002

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/l...

CWE-892007

CVE-2007-2534

CRITICAL

CVSS:9.8(Critical)

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a logi...

CWE-892007

CVE-2007-3652

CRITICAL

CVSS:9.8(Critical)

SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same iss...

CWE-892007

CVE-2008-10003

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sq...

CWE-892008

CVE-2018-18251

Vulnerability Description

Related Vulnerabilities

CVE-2005-4891

CVE-2006-5603

CVE-2007-10002

CVE-2007-2534

CVE-2007-3652

CVE-2008-10003