Total: 14640 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4893 | 1 Setucocms Project | 1 Setucocms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | |||||
CVE-2017-17606 | 1 Co-work Space Search Script Project | 1 Co-work Space Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. | |||||
CVE-2017-1002014 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |||||
CVE-2015-5376 | 1 Gsi-office | 1 Winpat Portal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
CVE-2017-16850 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | |||||
CVE-2017-6570 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. | |||||
CVE-2017-17576 | 1 Gigs Script Project | 1 Gigs Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | |||||
CVE-2017-14356 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | |||||
CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | |||||
CVE-2017-8917 | 1 Joomla | 1 Joomla! | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-9333 | 1 Moxa | 1 Softcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). | |||||
CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | |||||
CVE-2017-9246 | 1 Newrelic | 1 .net Agent | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. | |||||
CVE-2014-9558 | 1 Smartcms | 1 Smartcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in SmartCMS v.2. | |||||
CVE-2017-3899 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | |||||
CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |