Total
15229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17629 | 1 Secure E-commerce Script Project | 1 Secure E-commerce Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | |||||
| CVE-2017-17627 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | |||||
| CVE-2017-14847 | 1 Dasinfomedia | 1 Wpams Apartment Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-17610 | 1 E-commerce Mlm Software Project | 1 E-commerce Mlm Software | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. | |||||
| CVE-2017-15988 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. | |||||
| CVE-2017-17630 | 1 Yoga Class Script Project | 1 Yoga Class Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | |||||
| CVE-2017-6575 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. | |||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | |||||
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | |||||
| CVE-2017-12774 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database | |||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-17102 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | |||||
| CVE-2017-11161 | 1 Synology | 1 Photo Station | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | |||||
| CVE-2017-1002022 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | |||||
| CVE-2017-6492 | 1 Admidio | 1 Admidio | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | |||||
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | |||||
| CVE-2016-7781 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
| CVE-2017-1002020 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 7.5 HIGH | 8.8 HIGH |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||||