Total
15263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17571 | 1 Foodpanda Clone Project | 1 Foodpanda Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | |||||
| CVE-2017-14508 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. | |||||
| CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. | |||||
| CVE-2017-6096 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list. | |||||
| CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-5663 | 1 Apache | 1 Fineract | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | |||||
| CVE-2017-17615 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | |||||
| CVE-2017-12946 | 1 Easymodal Project | 1 Easy Modal | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | |||||
| CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | |||||
| CVE-2016-4338 | 1 Zabbix | 1 Zabbix | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. | |||||
| CVE-2017-11383 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | |||||
| CVE-2015-3314 | 1 Tune Library Project | 1 Tune Library | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||||
| CVE-2017-14396 | 1 Osticket | 1 Osticket | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | |||||
| CVE-2015-3313 | 1 Community Events Project | 1 Community Events | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in WordPress Community Events plugin before 1.4. | |||||
| CVE-2017-9429 | 1 Event List Project | 1 Event List | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | |||||
| CVE-2017-12977 | 1 10web | 1 Photo Gallery | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. | |||||
| CVE-2017-16733 | 1 Ecava | 1 Integraxor | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | |||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||||
| CVE-2016-7782 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |||||
| CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | |||||