Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-14403 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. |
| CVE-2017-17651 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. |
| CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | 6.0 MEDIUM | 7.2 HIGH | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-15379 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. |
| CVE-2015-5533 | 1 Count Per Day Project | 1 Count Per Day | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. |
| CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. |
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. |
| CVE-2017-17615 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. |
| CVE-2016-9333 | 1 Moxa | 1 Softcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). |
| CVE-2017-11200 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. |
| CVE-2016-2034 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. |
| CVE-2017-14076 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. |
| CVE-2016-7782 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. |
| CVE-2016-8341 | 1 Ecava | 1 Integraxor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. |
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. |
| CVE-2017-17595 | 1 Beauty Parlour Booking Script Project | 1 Beauty Parlour Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. |
| CVE-2017-17596 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. |
| CVE-2017-14601 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. |
| CVE-2017-17570 | 1 Expedia Clone Project | 1 Expedia Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. |
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). |
| CVE-2015-2146 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. |
| CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. |
| CVE-2017-17610 | 1 E-commerce Mlm Software Project | 1 E-commerce Mlm Software | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. |
| CVE-2017-11584 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. |
| CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. |
| CVE-2017-14848 | 1 Dasinfomedia | 1 Wphrm Human Resource Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. |
| CVE-2016-7783 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| CVE-2017-13669 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. |
| CVE-2017-1002020 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin surveys v1.01.8: the code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. |
| CVE-2017-10839 | 1 Seopanel | 1 Seo Panel | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-7781 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. |
| CVE-2017-16510 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. |
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. |
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. |
| CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0: SQL injection is in ./wordpress-gallery-transformation/gallery.php via the $jpic parameter being unsanitized before being passed into an SQL query. |
| CVE-2017-11736 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. |
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. |
| CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL | iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. |
| CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. |