Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17588 | 1 Imdb Clone Project | 1 Imdb Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
|
|||||
| CVE-2017-17602 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
|
|||||
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
|
|||||
| CVE-2015-9098 | 1 Red-gate | 1 Sql Monitor | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
|
|||||
| CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
|
|||||
| CVE-2017-9246 | 1 Newrelic | 1 .net Agent | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
|
|||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
|
|||||
| CVE-2017-11161 | 1 Synology | 1 Photo Station | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
|
|||||
| CVE-2017-11418 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
|
|||||
| CVE-2017-17567 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
|
|||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-17721 | 1 Zuuse | 1 Beims Contractorweb .net | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
|
|||||
| CVE-2017-11678 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.
|
|||||
| CVE-2017-17892 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.
|
|||||
| CVE-2017-15989 | 1 Online Exam Test Application Project | 1 Online Exam Test Application | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
|
|||||
| CVE-2016-4338 | 1 Zabbix | 1 Zabbix | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
|
|||||
| CVE-2016-5939 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
|||||
| CVE-2017-6096 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
|
|||||
| CVE-2017-15378 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
|
|||||
| CVE-2016-5742 | 1 Sixapart | 2 Movable Type, Movable Type Open Source | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-11329 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
|
|||||
| CVE-2016-7400 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
|
|||||
| CVE-2015-8355 | 1 Orion-soft | 1 Bitrix | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
|
|||||
| CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
|
|||||
| CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
|
|||||
| CVE-2017-17870 | 1 Jbuildozer | 1 Jbuildozer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.
|
|||||
| CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
|
|||||
| CVE-2017-17875 | 1 Jextn | 1 Jextn Faq Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
|
|||||
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
|
|||||
| CVE-2017-6095 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
|
|||||
| CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
|
|||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
|
|||||
| CVE-2017-8377 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
|
|||||
| CVE-2017-17584 | 1 Makemytrip Clone Project | 1 Makemytrip Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
|
|||||
| CVE-2017-6754 | 1 Cisco | 1 Smart Net Total Care Collector Appliance | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An ...
Show More |
|||||
| CVE-2017-6572 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
|
|||||
| CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine \& Blog Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
|
|||||
| CVE-2017-17575 | 1 Groupon Clone Project | 1 Groupon Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
|
|||||
| CVE-2017-5527 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
|
|||||
| CVE-2017-12679 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
|
|||||