Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-14242 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
CVE-2017-17619 | 1 Laundry Booking Script Project | 1 Laundry Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | |||||
CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
CVE-2015-9098 | 1 Red-gate | 1 Sql Monitor | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges). | |||||
CVE-2017-14738 | 1 Filerun | 1 Filerun | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | |||||
CVE-2017-17895 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||||
CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||
CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | |||||
CVE-2017-15981 | 1 Geniusocean | 1 Newspaper | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | |||||
CVE-2017-15379 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | |||||
CVE-2015-5376 | 1 Gsi-office | 1 Winpat Portal | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||||
CVE-2017-17111 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | |||||
CVE-2016-8341 | 1 Ecava | 1 Integraxor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. | |||||
CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
CVE-2017-10816 | 1 Intercom | 1 Malion | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | |||||
CVE-2017-14238 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | |||||
CVE-2017-1000031 | 1 Cacti | 1 Cacti | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | |||||