Total
15234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | |||||
| CVE-2017-9443 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files. | |||||
| CVE-2017-11354 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | |||||
| CVE-2017-3886 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2). | |||||
| CVE-2017-6098 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id. | |||||
| CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||||
| CVE-2017-17576 | 1 Gigs Script Project | 1 Gigs Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | |||||
| CVE-2017-17596 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | |||||
| CVE-2017-17626 | 1 Readymade Php Classified Script Project | 1 Readymade Php Classified Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2016-8928 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 7.6 HIGH |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2017-17617 | 1 Foodspotting Clone Script Project | 1 Foodspotting Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. | |||||
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | |||||
| CVE-2017-11415 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | |||||
| CVE-2017-7719 | 1 Web-dorado | 1 Spider Event Calendar | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. | |||||
| CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | |||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | |||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | |||||
| CVE-2017-5345 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | |||||
| CVE-2017-1183 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 5.4 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | |||||