Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7719 | 1 Web-dorado | 1 Spider Event Calendar | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.
|
|||||
| CVE-2017-1269 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744
|
|||||
| CVE-2017-1002025 | 1 Add-edit-delete-listing-for-member-module Project | 1 Add-edit-delete-listing-for-member-module | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
|
|||||
| CVE-2017-17871 | 1 Jextn | 1 Jextn Question And Answer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
|
|||||
| CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Pragyan CMS 3.0.
|
|||||
| CVE-2017-17634 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
|
|||||
| CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
|
|||||
| CVE-2017-1000004 | 1 Atutor | 1 Atutor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Aut ...
Show More |
|||||
| CVE-2017-17590 | 1 Stackoverflow-clone Project | 1 Stackoverflow-clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
|
|||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
|
|||||
| CVE-2017-12909 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
|
|||||
| CVE-2016-10204 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
|
|||||
| CVE-2017-6557 | 1 Xirrus | 1 Arrayos | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-9436 | 1 Teampass | 1 Teampass | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
|
|||||
| CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
|
|||||
| CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2017-12930 | 1 Tecnovision | 1 Dlx Spot Player4 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
|
|||||
| CVE-2017-5519 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2017-1183 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 5.4 MEDIUM | 7.5 HIGH |
|
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.
|
|||||
| CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
|
|||||
| CVE-2017-11416 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
|
|||||
| CVE-2015-7877 | 1 User Dashboard Project | 1 User Dashboard | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-7290 | 1 Xoops | 1 Xoops | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
|
|||||
| CVE-2017-1002022 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
|
|||||
| CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
|
|||||
| CVE-2017-16735 | 1 Ecava | 1 Integraxor | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
|
|||||
| CVE-2017-6097 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
|
|||||
| CVE-2017-17605 | 1 Consumer Complaints Clone Script Project | 1 Consumer Complaints Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
|
|||||
| CVE-2017-12276 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
|
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnera ...
Show More |
|||||
| CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
|
|||||
| CVE-2017-17639 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
|
|||||
| CVE-2017-17581 | 1 Quibids Clone Project | 1 Quibids Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
|
|||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.
|
|||||
| CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
|
|||||
| CVE-2017-17983 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
|
|||||
| CVE-2017-17607 | 1 Cms Auditor Website Project | 1 Cms Auditor Website | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
|
|||||
| CVE-2015-3314 | 1 Tune Library Project | 1 Tune Library | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
|
|||||
| CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | 6.0 MEDIUM | 6.2 MEDIUM |
|
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
|
|||||
| CVE-2017-8835 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
|
|||||
| CVE-2015-7568 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
|
|||||