Total
15226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11329 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | |||||
| CVE-2017-12679 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. | |||||
| CVE-2017-14652 | 1 Tapatalk | 1 Tapatalk | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | |||||
| CVE-2017-17575 | 1 Groupon Clone Project | 1 Groupon Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | |||||
| CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | |||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-8789 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | |||||
| CVE-2017-14845 | 1 Dasinfomedia | 1 Wpchurch Church Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2015-3616 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | |||||
| CVE-2017-17616 | 1 Event Calendar Category Script Project | 1 Event Calendar Category Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Event Search Script 1.0 has SQL Injection via the /event-list city parameter. | |||||
| CVE-2017-17651 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | |||||
| CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | |||||
| CVE-2017-15976 | 1 Zeescripts | 1 Zeebuddy | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. | |||||
| CVE-2017-8377 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | |||||
| CVE-2017-15991 | 1 Vastal | 1 Agent Zone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. | |||||
| CVE-2017-2133 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-14743 | 1 Faleemi | 2 Fsc-880, Fsc-880 Firmware | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | |||||
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||||
| CVE-2017-14723 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | |||||
| CVE-2015-9226 | 1 Alegrocart | 1 Alegrocart | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | |||||