Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12977 | 1 10web | 1 Photo Gallery | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. | | | | | |
| CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | | | | | |
| CVE-2016-7788 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | | | | | |
| CVE-2017-9418 | 1 Goldplugins | 1 Testimonials Plugin Easy Testimonials | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | | | | | |
| CVE-2017-17636 | 1 Mlm Forced Matrix Project | 1 Mlm Forced Matrix | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | | | | | |
| CVE-2015-7517 | 1 Labwebdesigns | 1 Double Opt-in For Download | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | | | | | |
| CVE-2017-11417 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | | | | | |
| CVE-2016-7780 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | | | | | |
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | | | | | |
| CVE-2017-11419 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | | | | | |
| CVE-2017-14507 | 1 Shindiristudio | 1 Content Timeline | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. | | | | | |
| CVE-2017-0304 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | | | | | |
| CVE-2017-17635 | 1 Mlm Forex Market Plan Script Project | 1 Mlm Forex Market Plan Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | | | | | |
| CVE-2017-17601 | 1 Cab Booking Script Project | 1 Cab Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | | | | | |
| CVE-2017-5346 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | | | | | |
| CVE-2017-17620 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | | | | | |
| CVE-2017-9437 | 1 Openbravo | 1 Openbravo Erp | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | | | | | |
| CVE-2017-15081 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | | | | | |
| CVE-2015-7670 | 1 Support Ticket System Project | 1 Support Ticket System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | | | | | |
| CVE-2017-5347 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | | | | | |
| CVE-2017-17608 | 1 Kindergarten - Elementary School Listing Script Project | 1 Kindergarten - Elementary School Listing Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Child Care Script 1.0 has SQL Injection via the /list city parameter. | | | | | |
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. | | | | | |
| CVE-2017-3899 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | | | | | |
| CVE-2017-15969 | 1 Pilotgroup | 1 Allsharevideo | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. | | | | | |
| CVE-2017-6013 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | | | | | |
| CVE-2017-14252 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | | | | | |
| CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | | | | | |
| CVE-2017-17931 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | | | | | |
| CVE-2017-17577 | 1 Trademe Clone Project | 1 Trademe Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | | | | | |
| CVE-2017-11470 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | | | | | |
| CVE-2015-2147 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | | | | | |
| CVE-2017-16000 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | | | | | |
| CVE-2015-6028 | 1 Castlerock | 1 Snmpc | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | | | | | |
| CVE-2017-15978 | 1 Arox | 1 School Erp Php Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. | | | | | |
| CVE-2017-17957 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | | | | | |
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | | | | | |
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | | | | | |
| CVE-2017-11383 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | | | | | |
| CVE-2017-17609 | 1 Chartered Accountant Booking Script Project | 1 Chartered Accountant Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. | | | | | |
| CVE-2017-12981 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. | | | | | |