Total
15222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
| CVE-2017-17875 | 1 Jextn | 1 Jextn Faq Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
| CVE-2016-0769 | 1 Elfden | 1 Eshop Plugin | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | |||||
| CVE-2017-17594 | 1 Domainsale Php Script Project | 1 Domainsale Php Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. | |||||
| CVE-2017-16850 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | |||||
| CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-1000060 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | |||||
| CVE-2017-9834 | 1 Calendarscripts | 1 Watupro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. | |||||
| CVE-2017-17603 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. | |||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | |||||
| CVE-2017-12909 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2017-12908 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | |||||
| CVE-2016-10204 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | |||||
| CVE-2015-0780 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | |||||
| CVE-2017-17586 | 1 Olx Clone Project | 1 Olx Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. | |||||
| CVE-2016-4861 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | |||||
| CVE-2015-5052 | 1 Sefrengo | 1 Sefrengo | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | |||||