Total
17787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12909 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | |||||
| CVE-2017-12910 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | |||||
| CVE-2017-15989 | 1 Online Exam Test Application Project | 1 Online Exam Test Application | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | |||||
| CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2016-2555 | 1 Atutor | 1 Atutor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | |||||
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||||
| CVE-2015-2798 | 1 Web-dorado | 1 Contact Form Maker | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2017-17110 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | |||||
| CVE-2017-1002004 | 1 Dtracker Project | 1 Dtracker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | |||||
| CVE-2017-12731 | 1 Opwglobal | 6 Sitesentinel Integra 100, Sitesentinel Integra 100 Firmware, Sitesentinel Integra 500 and 3 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client. | |||||
| CVE-2017-7290 | 1 Xoops | 1 Xoops | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program. | |||||
| CVE-2017-6492 | 1 Admidio | 1 Admidio | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | |||||
| CVE-2017-11475 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | |||||
| CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | |||||
| CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
| CVE-2017-12981 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. | |||||
| CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | 6.0 MEDIUM | 6.2 MEDIUM |
| SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
| CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. | |||||
| CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||