Total
15227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9226 | 1 Alegrocart | 1 Alegrocart | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | |||||
| CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | |||||
| CVE-2015-4724 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Concrete5 5.7.3.1. | |||||
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | |||||
| CVE-2017-6095 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. | |||||
| CVE-2017-14125 | 1 Wpdevart | 1 Responsive Image Gallery Gallery Album | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | |||||
| CVE-2017-15980 | 1 Rowindex | 1 Us Zip Codes Database Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. | |||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | |||||
| CVE-2017-5218 | 1 Sagecrm | 1 Sagecrm | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept. | |||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||||
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2017-14738 | 1 Filerun | 1 Filerun | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | |||||
| CVE-2017-17605 | 1 Consumer Complaints Clone Script Project | 1 Consumer Complaints Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. | |||||
| CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||||
| CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | |||||
| CVE-2017-15986 | 1 Cpa Lead Reward Script Project | 1 Cpa Lead Reward Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CPA Lead Reward Script allows SQL Injection via the username parameter. | |||||
| CVE-2017-6013 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | |||||
| CVE-2017-6574 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. | |||||
| CVE-2017-15373 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | |||||