Total
15227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | |||||
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | |||||
| CVE-2017-17642 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | |||||
| CVE-2017-15971 | 1 Softdatepro | 1 Same Date Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. | |||||
| CVE-2017-17721 | 1 Zuuse | 1 Beims Contractorweb .net | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | |||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||||
| CVE-2016-7789 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | |||||
| CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | |||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | |||||
| CVE-2017-7221 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | |||||
| CVE-2017-15875 | 1 Sistemagpweb | 1 Gpweb | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | |||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | |||||
| CVE-2017-17584 | 1 Makemytrip Clone Project | 1 Makemytrip Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. | |||||
| CVE-2017-12930 | 1 Tecnovision | 1 Dlx Spot Player4 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | |||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | |||||
| CVE-2017-6557 | 1 Xirrus | 1 Arrayos | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-15539 | 1 Zorovavi\/blog Project | 1 Zorovavi\/blog | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | |||||
| CVE-2017-17600 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | |||||
| CVE-2017-15992 | 1 Website Broker Script Project | 1 Website Broker Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | |||||
| CVE-2016-4468 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||