Total
14640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | |||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | |||||
| CVE-2017-17917 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | |||||
| CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | |||||
| CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
| CVE-2017-12679 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. | |||||
| CVE-2017-11470 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | |||||
| CVE-2017-14402 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | |||||
| CVE-2017-17632 | 1 Responsive Events And Movie Ticket Booking Script Project | 1 Responsive Events And Movie Ticket Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | |||||
| CVE-2015-7568 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | |||||
| CVE-2017-16000 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | |||||
| CVE-2017-8002 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. | |||||
| CVE-2017-14743 | 1 Faleemi | 2 Fsc-880, Fsc-880 Firmware | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | |||||
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | |||||
| CVE-2017-17651 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | |||||
| CVE-2016-10379 | 1 Virtuemart | 1 Virtuemart | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | |||||
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | |||||
| CVE-2017-17721 | 1 Zuuse | 1 Beims Contractorweb .net | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | |||||
| CVE-2017-17611 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Doctor Search Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-9730 | 1 Dfsol | 1 Nuevomailer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. | |||||