Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8015 | 1 Emc | 1 Appsync | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
|
|||||
| CVE-2017-15993 | 1 Zomato Clone Script Project | 1 Zomato Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
|
|||||
| CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
|
|||||
| CVE-2017-6570 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
|
|||||
| CVE-2017-10899 | 1 Ark-web | 1 A-reserve | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-17613 | 1 Freelance Website Script Project | 1 Freelance Website Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
|
|||||
| CVE-2017-17632 | 1 Responsive Events And Movie Ticket Booking Script Project | 1 Responsive Events And Movie Ticket Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
|
|||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer.
|
|||||
| CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
|
|||||
| CVE-2017-6550 | 1 Kinsey | 1 Infor-lawson | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
|
|||||
| CVE-2017-17823 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
|
|||||
| CVE-2017-14238 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
|
|||||
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
|
|||||
| CVE-2017-17571 | 1 Foodpanda Clone Project | 1 Foodpanda Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
|
|||||
| CVE-2016-10509 | 1 Opencart | 1 Opencart | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
|
|||||
| CVE-2017-11475 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
|
|||||
| CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
|
|||||
| CVE-2017-17641 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
|
|||||
| CVE-2017-14069 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
|
|||||
| CVE-2017-1000060 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
|
|||||
| CVE-2015-3637 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
|
|||||
| CVE-2017-15992 | 1 Website Broker Script Project | 1 Website Broker Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
|
|||||
| CVE-2017-11631 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
|
|||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true.
|
|||||
| CVE-2016-7508 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
|
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
|
|||||
| CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
|
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
|
|||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
|
|||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.
|
|||||
| CVE-2017-7410 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
|
|||||
| CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
|
|||||
| CVE-2017-14247 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
|
|||||
| CVE-2017-15967 | 1 Mailing-manager | 1 Mailing List Manager Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
|
|||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
|
|||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
|
|||||
| CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
|
|||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
|
|||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
|
|||||
| CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
|
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
|
|||||
| CVE-2017-15980 | 1 Rowindex | 1 Us Zip Codes Database Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
|
|||||
| CVE-2017-5663 | 1 Apache | 1 Fineract | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.
|
|||||