Total
14647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4570 | 1 Letodms Project | 1 Letodms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | |||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | |||||
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | |||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | |||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | |||||
| CVE-2015-8355 | 1 Orion-soft | 1 Bitrix | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. | |||||
| CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | |||||
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | |||||
| CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||||
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | |||||
| CVE-2017-9848 | 1 Easysitecms | 1 Easysite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. | |||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 7.5 HIGH | 8.8 HIGH |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||||
| CVE-2017-11415 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | |||||
| CVE-2017-17580 | 1 Linkedin Clone Project | 1 Linkedin Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | |||||
| CVE-2017-16893 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application. | |||||
| CVE-2017-11475 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | |||||
| CVE-2017-15992 | 1 Website Broker Script Project | 1 Website Broker Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | |||||
| CVE-2017-15987 | 1 Fake Magazine Cover Script Project | 1 Fake Magazine Cover Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. | |||||