Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3886 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1. ...
|
|||||
| CVE-2017-6573 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
|
|||||
| CVE-2015-3616 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
|
|||||
| CVE-2017-17829 | 1 Doditsolutions | 1 Bus Booking Script | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
|
|||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
|
|||||
| CVE-2017-6065 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
|
|||||
| CVE-2016-9402 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-12949 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
|
|||||
| CVE-2017-11471 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
|
|||||
| CVE-2017-10842 | 1 Basercms | 1 Basercms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-11474 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
|
|||||
| CVE-2015-7714 | 1 Realtyna | 1 Realtyna Property Listing | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.
|
|||||
| CVE-2017-1311 | 1 Ibm | 1 Insights Foundation For Energy | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
|
|||||
| CVE-2017-17642 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
|
|||||
| CVE-2017-10898 | 1 Ark-web | 1 A-member | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-15985 | 1 Readymadeb2bscript | 1 Basic B2b Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
|
|||||
| CVE-2017-17906 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
|
|||||
| CVE-2017-15970 | 1 Phpcityportal | 1 Phpcityportal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
|
|||||
| CVE-2017-14743 | 1 Faleemi | 2 Fsc-880, Fsc-880 Firmware | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
|
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
|
|||||
| CVE-2017-17895 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
|
|||||
| CVE-2017-15966 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
|
|||||
| CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
|
|||||
| CVE-2017-6574 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
|
|||||
| CVE-2017-17574 | 1 Care Clone Project | 1 Care Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
|
|||||
| CVE-2017-12731 | 1 Opwglobal | 6 Sitesentinel Integra 100, Sitesentinel Integra 100 Firmware, Sitesentinel Integra 500 and 3 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client.
|
|||||
| CVE-2017-17619 | 1 Laundry Booking Script Project | 1 Laundry Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
|
|||||
| CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
|
|||||
| CVE-2017-17585 | 1 Monster Clone Project | 1 Monster Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
|
|||||
| CVE-2017-15971 | 1 Softdatepro | 1 Same Date Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
|
|||||
| CVE-2017-11582 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
|
|||||
| CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
|
|||||
| CVE-2017-17572 | 1 Amazon Clone Project | 1 Amazon Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
|
|||||
| CVE-2017-9463 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application.
|
|||||
| CVE-2017-4974 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privil ...
|
|||||
| CVE-2015-7390 | 1 Testlink | 1 Testlink | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
|
|||||
| CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
|
|||||
| CVE-2017-12908 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
|
|||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
|
|||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
|
|||||