Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5879 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
|
|||||
| CVE-2017-17616 | 1 Event Calendar Category Script Project | 1 Event Calendar Category Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
|
|||||
| CVE-2017-14847 | 1 Dasinfomedia | 1 Wpams Apartment Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
|
|||||
| CVE-2017-12947 | 1 Easymodal Project | 1 Easy Modal | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
|
|||||
| CVE-2017-15981 | 1 Geniusocean | 1 Newspaper | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
|
|||||
| CVE-2017-17618 | 1 Kickstarter Clone Script Project | 1 Kickstarter Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
|
|||||
| CVE-2017-15976 | 1 Zeescripts | 1 Zeebuddy | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
|
|||||
| CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543.
|
|||||
| CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
|
|||||
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
|
|||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.
|
|||||
| CVE-2017-1000120 | 1 Frappe | 1 Frappe | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
|
|||||
| CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
|
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
|
|||||
| CVE-2017-17606 | 1 Co-work Space Search Script Project | 1 Co-work Space Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
|
|||||
| CVE-2017-5154 | 1 Advantech | 1 Webaccess | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
|
|||||
| CVE-2017-9603 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
|
|||||
| CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
|
|||||
| CVE-2015-5376 | 1 Gsi-office | 1 Winpat Portal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
|
|||||
| CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
|
|||||
| CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
|
|||||
| CVE-2017-1002019 | 1 Eventr Project | 1 Eventr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
|
|||||
| CVE-2017-17110 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
|
|||||
| CVE-2017-15987 | 1 Fake Magazine Cover Script Project | 1 Fake Magazine Cover Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
|
|||||
| CVE-2017-17617 | 1 Foodspotting Clone Script Project | 1 Foodspotting Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
|
|||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
|
|||||
| CVE-2017-17623 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
|
|||||
| CVE-2017-17630 | 1 Yoga Class Script Project | 1 Yoga Class Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
|
|||||
| CVE-2017-17611 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
|
|||||
| CVE-2017-11494 | 1 Sol-connect | 2 Sol.connect Iset-mpp Meter, Sol.connect Iset-mpp Meter Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
|
|||||
| CVE-2017-1000067 | 1 Modx | 1 Revolution | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
|
|||||
| CVE-2017-14345 | 1 Blog Project | 1 Blog | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
|
|||||
| CVE-2017-17592 | 1 Website Auction Marketplace Project | 1 Website Auction Marketplace | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
|
|||||
| CVE-2017-11174 | 1 Xoops | 1 Xoops | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
|
|||||
| CVE-2017-6698 | 1 Cisco | 1 Prime Infrastructure | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
|
|||||
| CVE-2017-16893 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.
|
|||||
| CVE-2017-12585 | 1 Slims | 1 Akasia | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
|
|||||
| CVE-2017-17916 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
|
|||||
| CVE-2017-6571 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
|
|||||
| CVE-2016-9994 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
|
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.
|
|||||
| CVE-2017-11583 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
|
|||||