Total: 15470 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. | |||||
CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | |||||
CVE-2014-2023 | 1 Tapatalk | 1 Tapatalk | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. | |||||
CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | |||||
CVE-2017-12364 | 1 Cisco | 1 Prime Service Catalog | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333. | |||||
CVE-2017-15986 | 1 Cpa Lead Reward Script Project | 1 Cpa Lead Reward Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
CPA Lead Reward Script allows SQL Injection via the username parameter. | |||||
CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | |||||
CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin Easy Team Manager v1.3.2. The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |||||
CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |||||
CVE-2016-8929 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | |||||
CVE-2017-1002022 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin surveys v1.01.8. The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | |||||
CVE-2016-7784 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
CVE-2017-17634 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | |||||
CVE-2024-31507 | 1 Tamparongj03 | 1 Online Graduate Tracer System | 2025-04-18 | N/A | 8.6 HIGH |
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. | |||||
CVE-2023-45503 | 1 Macs Cms Project | 1 Macs Cms | 2025-04-18 | N/A | 5.3 MEDIUM |
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. | |||||
CVE-2024-50717 | 1 Smarts-srl | 1 Smart Agent | 2025-04-18 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. | |||||
CVE-2024-34220 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 7.5 HIGH |
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | |||||
CVE-2024-34222 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 5.9 MEDIUM |
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | |||||
CVE-2022-20518 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770203 |