Total
15207 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | |||||
| CVE-2017-11445 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | |||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | |||||
| CVE-2017-17622 | 1 Online Exam Test Application Script Project | 1 Online Exam Test Application Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. | |||||
| CVE-2017-6572 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-15579 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | |||||
| CVE-2017-17587 | 1 Indiamart Clone Project | 1 Indiamart Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. | |||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | |||||
| CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | |||||
| CVE-2017-17823 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
| CVE-2017-17608 | 1 Kindergarten - Elementary School Listing Script Project | 1 Kindergarten - Elementary School Listing Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Child Care Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-11414 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | |||||
| CVE-2017-17579 | 1 Freelancer Clone Project | 1 Freelancer Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | |||||
| CVE-2017-13068 | 1 Qnap | 1 Qts Helpdesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | |||||
| CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | |||||
| CVE-2017-11417 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | |||||
| CVE-2015-8356 | 1 Bitrix Project | 1 Bitrix | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | |||||
| CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||||
| CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||
| CVE-2015-8334 | 1 Huawei | 2 Vcn500, Vcn500 Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | |||||