Total: 15246 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9993 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||
CVE-2016-9994 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. | |||||
CVE-2017-17633 | 1 Multiplex Movie Theater Booking Script Project | 1 Multiplex Movie Theater Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. | |||||
CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||||
CVE-2017-11200 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. | |||||
CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | |||||
CVE-2017-17581 | 1 Quibids Clone Project | 1 Quibids Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | |||||
CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | |||||
CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | |||||
CVE-2016-5952 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |||||
CVE-2017-12949 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | |||||
CVE-2017-9435 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | |||||
CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||||
CVE-2017-15987 | 1 Fake Magazine Cover Script Project | 1 Fake Magazine Cover Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. | |||||
CVE-2017-17632 | 1 Responsive Events And Movie Ticket Booking Script Project | 1 Responsive Events And Movie Ticket Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | |||||
CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | |||||
CVE-2017-17580 | 1 Linkedin Clone Project | 1 Linkedin Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | |||||
CVE-2016-10378 | 1 E107 | 1 E107 | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. |