Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. |
| CVE-2017-15373 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). |
| CVE-2015-9234 | 1 Cfpaypal | 1 Cp Contact Form With Paypal | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. |
| CVE-2017-15539 | 1 Zorovavi/blog Project | 1 Zorovavi/blog | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. |
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | FS Thumbtack Clone 1.0 has SQL injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. |
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Dolibarr ERP/CRM 4.0.4 has SQL injection in doli/theme/eldy/style.css.php via the lang parameter. |
| CVE-2017-13068 | 1 Qnap | 1 Qts Helpdesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. |
| CVE-2017-5575 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. |
| CVE-2012-4570 | 1 Letodms Project | 1 Letodms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-7784 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. |
| CVE-2017-5345 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. |
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Hot Scripts Clone 3.1 has SQL injection via the /categories subctid or mctid parameter. |
| CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | Mojoomla Hospital Management System for WordPress allows SQL injection via the id parameter. |
| CVE-2017-17920 | 1 Rubyonrails | 1 Ruby On Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: the vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. |
| CVE-2017-17629 | 1 Secure E-commerce Script Project | 1 Secure E-commerce Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Secure E-commerce Script 2.0.1 has SQL injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. |
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. |
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. |
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Job Board Script Software allows SQL injection via the PATH_INFO to a /job-details URI. |
| CVE-2017-6098 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (requires authentication to WordPress admin) with the POST parameter list_id. |
| CVE-2017-16733 | 1 Ecava | 1 Integraxor | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM | A SQL injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. |
| CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. |
| CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in the WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. |
| CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. |
| CVE-2017-14145 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | HelpDEZk 1.1.1 has SQL injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. |
| CVE-2017-12567 | 1 Quest | 3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. |
| CVE-2015-7564 | 1 Teampass | 1 Teampass | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. |
| CVE-2017-15958 | 1 Domainzaar | 1 D-park Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | D-Park Pro Domain Parking Script 1.0 allows SQL injection via the username to admin/loginform.php. |
| CVE-2017-12199 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. |
| CVE-2017-14738 | 1 Filerun | 1 Filerun | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). |
| CVE-2016-10134 | 1 Zabbix | 1 Zabbix | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. |
| CVE-2017-9429 | 1 Event List Project | 1 Event List | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. |
| CVE-2017-12946 | 1 Easymodal Project | 1 Easy Modal | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. |
| CVE-2017-17614 | 1 Hotel Restaurant Reviews And Feedback Script Project | 1 Hotel Restaurant Reviews And Feedback Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Food Order Script 1.0 has SQL injection via the /list city parameter. |
| CVE-2016-9416 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-15972 | 1 Softdatepro | 1 Dating Software | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SoftDatepro Dating Social Network 1.3 allows SQL injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. |
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | In Moodle 2.x and 3.x, SQL injection can occur via user preferences. |
| CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. |
| CVE-2015-8356 | 1 Bitrix Project | 1 Bitrix | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. |
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. |
| CVE-2017-11412 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. |