Total: 15464 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17906 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | |||||
CVE-2017-5527 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | |||||
CVE-2017-15081 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | |||||
CVE-2017-10682 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | |||||
CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | |||||
CVE-2017-7952 | 1 Infor | 1 Enterprise Asset Management | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | |||||
CVE-2015-8356 | 1 Bitrix Project | 1 Bitrix | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | |||||
CVE-2017-15967 | 1 Mailing-manager | 1 Mailing List Manager Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. | |||||
CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | |||||
CVE-2017-17618 | 1 Kickstarter Clone Script Project | 1 Kickstarter Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. | |||||
CVE-2016-9993 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||
CVE-2017-17637 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. | |||||
CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||
CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | |||||
CVE-2017-3835 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | |||||
CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||||
CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | |||||
CVE-2017-14242 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
CVE-2017-11384 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. | |||||
CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |