Total
14640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5154 | 1 Advantech | 1 Webaccess | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. | |||||
| CVE-2017-4974 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privileged UAA endpoints." | |||||
| CVE-2017-17604 | 1 Entrepreneur Bus Booking Script Project | 1 Entrepreneur Bus Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | |||||
| CVE-2017-17607 | 1 Cms Auditor Website Project | 1 Cms Auditor Website | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. | |||||
| CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | |||||
| CVE-2016-7400 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. | |||||
| CVE-2016-4468 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | |||||
| CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. | |||||
| CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | |||||
| CVE-2017-15970 | 1 Phpcityportal | 1 Phpcityportal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. | |||||
| CVE-2017-11445 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | |||||
| CVE-2017-17567 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | |||||
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||||
| CVE-2017-4972 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. | |||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | |||||
| CVE-2017-17579 | 1 Freelancer Clone Project | 1 Freelancer Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | |||||
| CVE-2017-5218 | 1 Sagecrm | 1 Sagecrm | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept. | |||||
| CVE-2017-10839 | 1 Seopanel | 1 Seo Panel | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17630 | 1 Yoga Class Script Project | 1 Yoga Class Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | |||||