Total: 15227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17637 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. | |||||
CVE-2017-15958 | 1 Domainzaar | 1 D-park Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. | |||||
CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | |||||
CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||||
CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | |||||
CVE-2016-5939 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2017-17619 | 1 Laundry Booking Script Project | 1 Laundry Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | |||||
CVE-2016-7780 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
CVE-2017-5879 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. | |||||
CVE-2017-1356 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. | |||||
CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||||
CVE-2016-3046 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. | |||||
CVE-2017-12910 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | |||||
CVE-2017-11584 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | |||||
CVE-2015-5533 | 1 Count Per Day Project | 1 Count Per Day | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
CVE-2017-6065 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | |||||
CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | |||||
CVE-2017-11324 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | |||||
CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. | |||||
CVE-2017-11385 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545. | |||||