Total: 14571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9443 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | |||||
CVE-2015-7670 | 1 Support Ticket System Project | 1 Support Ticket System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | |||||
CVE-2016-5939 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2017-12981 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. | |||||
CVE-2016-2034 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. | |||||
CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-17713 | 1 Boxug | 1 Trape | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||
CVE-2017-8377 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | |||||
CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||||
CVE-2016-8930 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 7.6 HIGH |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2017-14076 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | |||||
CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | |||||
CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-6754 | 1 Cisco | 1 Smart Net Total Care Collector Appliance | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617. | |||||
CVE-2017-1002019 | 1 Eventr Project | 1 Eventr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows blind SQL injection via the event parameter. | |||||
CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | |||||
CVE-2017-17629 | 1 Secure E-commerce Script Project | 1 Secure E-commerce Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | |||||
CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||||
CVE-2017-15979 | 1 Odallated | 1 Shareet | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. | |||||
CVE-2017-11494 | 1 Sol-connect | 2 Sol.connect Iset-mpp Meter, Sol.connect Iset-mpp Meter Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. |