Total
15409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | |||||
| CVE-2017-6557 | 1 Xirrus | 1 Arrayos | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-7788 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2017-17596 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | |||||
| CVE-2017-15988 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. | |||||
| CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | |||||
| CVE-2017-6572 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-11200 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. | |||||
| CVE-2017-17573 | 1 Fortunescripts | 1 Ebay Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | |||||
| CVE-2017-11414 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | |||||
| CVE-2017-17919 | 1 Rubyonrails | 1 Ruby On Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | |||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | |||||
| CVE-2017-17575 | 1 Groupon Clone Project | 1 Groupon Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | |||||
| CVE-2017-17622 | 1 Online Exam Test Application Script Project | 1 Online Exam Test Application Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. | |||||
| CVE-2017-9418 | 1 Goldplugins | 1 Testimonials Plugin Easy Testimonials | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||||
| CVE-2017-12909 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | |||||
| CVE-2017-14845 | 1 Dasinfomedia | 1 Wpchurch Church Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | |||||
| CVE-2017-15966 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. | |||||