Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | |||||
| CVE-2017-17607 | 1 Cms Auditor Website Project | 1 Cms Auditor Website | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. | |||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | |||||
| CVE-2017-17600 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | |||||
| CVE-2017-8015 | 1 Emc | 1 Appsync | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | |||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | |||||
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | |||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | |||||
| CVE-2017-3835 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | |||||
| CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | |||||
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | |||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | |||||
| CVE-2017-17624 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. | |||||
| CVE-2017-6550 | 1 Kinsey | 1 Infor-lawson | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | |||||
| CVE-2017-16510 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. | |||||
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | |||||
| CVE-2017-17626 | 1 Readymade Php Classified Script Project | 1 Readymade Php Classified Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2017-17584 | 1 Makemytrip Clone Project | 1 Makemytrip Clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. | |||||
| CVE-2017-17916 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | |||||