Total
15464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | |||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | |||||
| CVE-2017-6573 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||||
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. | |||||
| CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Pragyan CMS 3.0. | |||||
| CVE-2012-4570 | 1 Letodms Project | 1 Letodms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | |||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | |||||
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | |||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | |||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | |||||
| CVE-2015-8355 | 1 Orion-soft | 1 Bitrix | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. | |||||
| CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | |||||
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | |||||
| CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||||
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | |||||
| CVE-2017-9848 | 1 Easysitecms | 1 Easysite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. | |||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 7.5 HIGH | 8.8 HIGH |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||||