Total
14647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9994 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. | |||||
| CVE-2017-6576 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id. | |||||
| CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | |||||
| CVE-2017-17627 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | |||||
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | |||||
| CVE-2017-17586 | 1 Olx Clone Project | 1 Olx Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. | |||||
| CVE-2017-11678 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | |||||
| CVE-2017-13137 | 1 Formcrafts | 1 Formcraft | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. | |||||
| CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | |||||
| CVE-2015-9098 | 1 Red-gate | 1 Sql Monitor | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges). | |||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | |||||
| CVE-2017-15875 | 1 Sistemagpweb | 1 Gpweb | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | |||||
| CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-17872 | 1 Jextn | 1 Jextn Video Gallery | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | |||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | |||||
| CVE-2017-6573 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||||
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. | |||||
| CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Pragyan CMS 3.0. | |||||