Total
15207 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5575 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | |||||
CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/delete.php, user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||||
CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | 6.0 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in WBCE CMS 1.1.10 and earlier allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-6195 | 1 Ipswitch | 2 Moveit Dmz, Moveit Transfer 2017 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | |||||
CVE-2017-11631 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | |||||
CVE-2017-15970 | 1 Phpcityportal | 1 Phpcityportal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. | |||||
CVE-2017-17634 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | |||||
CVE-2017-5346 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | |||||
CVE-2017-17611 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Doctor Search Script 1.0 has SQL Injection via the /list city parameter. | |||||
CVE-2016-7788 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2015-0782 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-7714 | 1 Realtyna | 1 Realtyna Property Listing | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. | |||||
CVE-2017-12650 | 1 Loginizer | 1 Loginizer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | |||||
CVE-2017-17643 | 1 Lynda Clone Project | 1 Lynda Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | |||||
CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||||
CVE-2017-17567 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | |||||
CVE-2016-4337 | 1 Ktools | 1 Photostore | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | |||||
CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine & Blog Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
CVE-2017-14242 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. |