Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20171 | 1 Apersistence Project | 1 Apersistence | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The identifier of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability.
|
|||||
| CVE-2017-20170 | 1 Parontalli Project | 1 Parontalli | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The patch is identified as 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to apply a patch to fix this issue. VDB-218418 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2017-20169 | 1 Ton-masterserver Project | 1 Ton-masterserver | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The patch is identified as 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2017-20168 | 1 Piwallet Project | 1 Piwallet | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2017-20163 | 1 Nview Project | 1 Nview | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217516.
|
|||||
| CVE-2017-20150 | 1 Challenge Website Project | 1 Challenge Website | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assigned to this vulnerability.
|
|||||
| CVE-2017-20143 | 1 Ambit | 1 Movie Portal Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20142 | 1 Ambit | 1 Movie Portal Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20141 | 1 Ambit | 1 Movie Portal Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20139 | 1 Ambit | 1 Movie Portal Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclo ...
Show More |
|||||
| CVE-2017-20138 | 1 Itechscripts | 1 Auction Script | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely.
|
|||||
| CVE-2017-20137 | 1 Itechscripts | 1 B2b Script | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20136 | 1 Itechscripts | 1 Classifieds Script | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20135 | 1 Itechscripts | 1 Dating Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20134 | 1 Itechscripts | 1 Freelancer Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20132 | 1 Itechscripts | 1 Multi Vendor Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20131 | 1 Itechscripts | 1 News Portal Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20130 | 1 Itechscripts | 1 Real Estate Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20129 | 1 Logostore Project | 1 Logostore | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in LogoStore. It has been classified as critical. Affected is an unknown function of the file /LogoStore/search.php. The manipulation of the argument query with the input test' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search= leads to sql injection. It is possible to launch the attack remotely.
|
|||||
| CVE-2017-20128 | 1 Kb Messages Php Script Project | 1 Kb Messages Php Script | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20127 | 1 Kb Login Authentication Script Project | 1 Kb Login Authentication Script | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20126 | 1 Kb Affiliate Referral Script Project | 1 Kb Affiliate Referral Script | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20125 | 1 Bestsoftinc | 1 Online Hotel Booking System | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20124 | 1 Bestsoftinc | 1 Online Hotel Booking System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20104 | 1 Simplessus | 1 Simplessus | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
|
A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20103 | 1 Wp-kama | 1 Kama Click Counter | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected ...
Show More |
|||||
| CVE-2017-20067 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20042 | 1 Vendavo | 1 Pricepoint | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20032 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20030 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20029 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20017 | 1 Tngsitebuilding | 1 The Next Generation Of Genealogy Sitebuilding | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-1722 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.
|
|||||
| CVE-2017-1670 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.
|
|||||
| CVE-2017-18888 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
|
|||||
| CVE-2017-18614 | 1 Wp-kama | 1 Kama Click Counter | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
|
|||||
| CVE-2017-18602 | 1 Ibps Online Exam Project | 1 Ibps Online Exam | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
|
|||||
| CVE-2017-18597 | 1 Jtrt Responsive Tables Project | 1 Jtrt Responsive Tables | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
|
|||||
| CVE-2017-18573 | 1 Simplerealtytheme | 1 Simple Login Log | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
|
|||||
| CVE-2017-18571 | 1 Search Everything Project | 1 Search Everything | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.
|
|||||