Total: 17787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | |||||
| CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | |||||
| CVE-2017-9463 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. | |||||
| CVE-2017-12947 | 1 Easymodal Project | 1 Easy Modal | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | |||||
| CVE-2017-12679 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. | |||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | |||||
| CVE-2017-5347 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | |||||
| CVE-2017-17636 | 1 Mlm Forced Matrix Project | 1 Mlm Forced Matrix | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | |||||
| CVE-2017-12650 | 1 Loginizer | 1 Loginizer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | |||||
| CVE-2016-4893 | 1 Setucocms Project | 1 Setucocms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17600 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | |||||
| CVE-2015-3616 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | |||||
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | |||||
| CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | |||||
| CVE-2017-15978 | 1 Arox | 1 School Erp Php Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. | |||||
| CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | |||||
| CVE-2017-9437 | 1 Openbravo | 1 Openbravo Erp | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | |||||
| CVE-2017-7221 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | |||||
| CVE-2015-3314 | 1 Tune Library Project | 1 Tune Library | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||||
