Total: 17787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7517 | 1 Labwebdesigns | 1 Double Opt-in For Download | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | |||||
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | |||||
| CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | |||||
| CVE-2017-14145 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | |||||
| CVE-2017-11412 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2017-17895 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||||
| CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/delete.php, user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||||
| CVE-2017-17959 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | |||||
| CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | |||||
| CVE-2017-17102 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | |||||
| CVE-2016-3046 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. | |||||
| CVE-2017-17633 | 1 Multiplex Movie Theater Booking Script Project | 1 Multiplex Movie Theater Booking Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. | |||||
| CVE-2017-11413 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2017-17590 | 1 Stackoverflow-clone Project | 1 Stackoverflow-clone | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. | |||||
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | |||||
| CVE-2017-14069 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | |||||
| CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | |||||
| CVE-2017-11386 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549. | |||||
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | |||||
| CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | |||||
