Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9435 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
|
|||||
| CVE-2017-17917 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
|
|||||
| CVE-2017-6050 | 1 Ecava | 1 Integraxor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.
|
|||||
| CVE-2017-10682 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
|
|||||
| CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
|
|||||
| CVE-2017-11413 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].
|
|||||
| CVE-2017-15986 | 1 Cpa Lead Reward Script Project | 1 Cpa Lead Reward Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
CPA Lead Reward Script allows SQL Injection via the username parameter.
|
|||||
| CVE-2016-8928 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 7.6 HIGH |
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
|||||
| CVE-2017-17582 | 1 Grubhub Clone Project | 1 Grubhub Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
|
|||||
| CVE-2017-11324 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter.
|
|||||
| CVE-2015-3313 | 1 Community Events Project | 1 Community Events | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
|
|||||
| CVE-2017-17779 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.
|
|||||
| CVE-2016-5952 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
|||||
| CVE-2017-5574 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.
|
|||||
| CVE-2017-15988 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
|
|||||
| CVE-2016-2566 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
|
|||||
| CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
|
|||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
|
|||||
| CVE-2016-1914 | 1 Blackberry | 1 Blackberry Enterprise Service | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.
|
|||||
| CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
|
|||||
| CVE-2017-5151 | 1 Panasonic | 1 Video Insight Web Client | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
|
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.
|
|||||
| CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
|
|||||
| CVE-2016-7789 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
|
|||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
|
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-1002018 | 1 Eventr Project | 1 Eventr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
|
|||||
| CVE-2017-11354 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
|
|||||
| CVE-2017-17633 | 1 Multiplex Movie Theater Booking Script Project | 1 Multiplex Movie Theater Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
|
|||||
| CVE-2017-4972 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.
|
|||||
| CVE-2015-8334 | 1 Huawei | 2 Vcn500, Vcn500 Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
|
|||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
|
|||||
| CVE-2017-6575 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
|
|||||
| CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
|
|||||
| CVE-2017-7236 | 1 Netapp | 1 Oncommand Unified Manager Core Package | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-1002014 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
|
|||||
| CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
|
|||||
| CVE-2017-3221 | 1 Inmarsat | 1 Amosconnect 8 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.
|
|||||
| CVE-2015-3934 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.
|
|||||
| CVE-2017-10816 | 1 Intercom | 1 Malion | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.
|
|||||
| CVE-2017-17580 | 1 Linkedin Clone Project | 1 Linkedin Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
|
|||||
| CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
|
|||||