Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17573 | 1 Fortunescripts | 1 Ebay Clone | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | |||||
| CVE-2017-10682 | 1 Piwigo | 1 Piwigo | 2017-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | |||||
| CVE-2017-16893 | 1 Piwigo | 1 Piwigo | 2017-12-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application. | |||||
| CVE-2017-1356 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. | |||||
| CVE-2017-17103 | 1 Fiyo | 1 Fiyo Cms | 2017-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | |||||
| CVE-2017-10899 | 1 Ark-web | 1 A-reserve | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-10898 | 1 Ark-web | 1 A-member | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17102 | 1 Fiyo | 1 Fiyo Cms | 2017-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | |||||
| CVE-2008-6046 | 1 Adbnewssender Project | 1 Adbnewssender | 2017-12-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/. | |||||
| CVE-2015-3934 | 1 Fiyo | 1 Fiyo Cms | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. | |||||
| CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2017-12-08 | 6.5 MEDIUM | 7.2 HIGH |
| FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. | |||||
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2017-12-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | |||||
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2017-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | |||||
| CVE-2012-0401 | 1 Rsa | 1 Envision | 2017-12-05 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2017-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | |||||
| CVE-2010-4876 | 1 Mblogger Project | 1 Mblogger | 2017-11-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter. | |||||
| CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2017-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||||
| CVE-2017-16561 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | |||||
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | |||||
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2017-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||