Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15973 | 1 Sokial | 1 Sokial | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
| CVE-2017-17579 | 1 Freelancer Clone Project | 1 Freelancer Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
| CVE-2017-17603 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
| CVE-2017-14402 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
| CVE-2017-17627 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
| CVE-2017-17111 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
| CVE-2015-7346 | 1 Zcms Project | 1 Zcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in ZCMS 1.1.
| CVE-2017-14242 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
| CVE-2017-15381 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
| CVE-2017-17872 | 1 Jextn | 1 Jextn Video Gallery | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
| CVE-2017-17594 | 1 Domainsale Php Script Project | 1 Domainsale Php Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
| CVE-2016-3046 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.
| CVE-2017-8789 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
| CVE-2014-9558 | 1 Smartcms | 1 Smartcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in SmartCMS v.2.
| CVE-2016-0769 | 1 Elfden | 1 Eshop Plugin | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.
| CVE-2017-15991 | 1 Vastal | 1 Agent Zone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
| CVE-2017-17638 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.
| CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin Easy Team Manager v1.3.2: the code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php.
| CVE-2017-9834 | 1 Calendarscripts | 1 Watupro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
| CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
| CVE-2017-9730 | 1 Dfsol | 1 Nuevomailer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
| CVE-2017-14396 | 1 Osticket | 1 Osticket | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
| CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
| CVE-2017-13137 | 1 Formcrafts | 1 Formcraft | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
| CVE-2017-15977 | 1 Protectedlinks | 1 Expiring Download Links | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
| CVE-2017-15578 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | 6.0 MEDIUM | 8.8 HIGH |
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
| CVE-2015-4724 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Concrete5 5.7.3.1.
| CVE-2017-11444 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
| CVE-2017-7717 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
| CVE-2016-4468 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
| CVE-2017-17628 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
| CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
| CVE-2015-5052 | 1 Sefrengo | 1 Sefrengo | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
| CVE-2017-15979 | 1 Odallated | 1 Shareet | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.