Total: 15253 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | |||||
CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||||
CVE-2017-13137 | 1 Formcrafts | 1 Formcraft | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. | |||||
CVE-2015-9098 | 1 Red-gate | 1 Sql Monitor | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges). | |||||
CVE-2017-17829 | 1 Doditsolutions | 1 Bus Booking Script | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | |||||
CVE-2017-7236 | 1 Netapp | 1 Oncommand Unified Manager Core Package | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | |||||
CVE-2017-17620 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | |||||
CVE-2017-17613 | 1 Freelance Website Script Project | 1 Freelance Website Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | |||||
CVE-2017-1002019 | 1 Eventr Project | 1 Eventr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows for blind SQL injection via the event parameter. | |||||
CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | |||||
CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Pragyan CMS 3.0. | |||||
CVE-2015-7564 | 1 Teampass | 1 Teampass | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | |||||
CVE-2017-17607 | 1 Cms Auditor Website Project | 1 Cms Auditor Website | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. | |||||
CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-17916 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | |||||
CVE-2017-6573 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||||
CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-7390 | 1 Testlink | 1 Testlink | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | |||||
CVE-2017-11678 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. |