Total: 14648 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3835 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | |||||
CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||||
CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | |||||
CVE-2017-14242 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
CVE-2017-11384 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. | |||||
CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
CVE-2017-17581 | 1 Quibids Clone Project | 1 Quibids Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | |||||
CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | |||||
CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/delete.php, user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||||
CVE-2016-4337 | 1 Ktools | 1 Photostore | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | |||||
CVE-2017-14738 | 1 Filerun | 1 Filerun | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | |||||
CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. | |||||
CVE-2017-15977 | 1 Protectedlinks | 1 Expiring Download Links | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. | |||||
CVE-2015-2798 | 1 Web-dorado | 1 Contact Form Maker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | 6.0 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in WBCE CMS 1.1.10 and earlier allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-6096 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (requires authentication to WordPress admin) with the GET parameter: filter_list. | |||||
CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | |||||
CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-11416 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | |||||
CVE-2017-15978 | 1 Arox | 1 School Erp Php Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. |