Total
14659 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12731 | 1 Opwglobal | 6 Sitesentinel Integra 100, Sitesentinel Integra 100 Firmware, Sitesentinel Integra 500 and 3 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client. | |||||
| CVE-2017-17950 | 1 Cells | 1 Blog | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | |||||
| CVE-2017-9603 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | |||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | |||||
| CVE-2016-9087 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | |||||
| CVE-2017-17895 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||||
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | |||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | |||||
| CVE-2017-1002026 | 1 Eventespresso | 1 Event Espresso | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. | |||||
| CVE-2017-15989 | 1 Online Exam Test Application Project | 1 Online Exam Test Application | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | |||||
| CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||||
| CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | |||||
| CVE-2017-17635 | 1 Mlm Forex Market Plan Script Project | 1 Mlm Forex Market Plan Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | |||||
| CVE-2017-14247 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | |||||
| CVE-2017-11474 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | |||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||||
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | |||||
| CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||||
| CVE-2017-12930 | 1 Tecnovision | 1 Dlx Spot Player4 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | |||||