Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0985 | 1 Phpcc | 1 Phpcc | 2017-10-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. | |||||
CVE-2007-1163 | 1 Webspell | 1 Webspell | 2017-10-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | |||||
CVE-2007-1776 | 1 Design For Joomla | 1 D4j Ezine | 2017-10-10 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. | |||||
CVE-2005-0413 | 1 Myphp Forum | 1 Myphp Forum | 2017-10-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. | |||||
CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2017-10-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. | |||||
CVE-2017-14738 | 1 Filerun | 1 Filerun | 2017-10-10 | 7.5 HIGH | 9.8 CRITICAL |
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | |||||
CVE-2017-14743 | 1 Faleemi | 2 Fsc-880, Fsc-880 Firmware | 2017-10-10 | 9.3 HIGH | 8.1 HIGH |
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | |||||
CVE-2017-14507 | 1 Shindiristudio | 1 Content Timeline | 2017-10-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. | |||||
CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2017-10-06 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | |||||
CVE-2015-9234 | 1 Cfpaypal | 1 Cp Contact Form With Paypal | 2017-10-06 | 6.5 MEDIUM | 7.2 HIGH |
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | |||||
CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2017-10-06 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | |||||
CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||||
CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-14845 | 1 Dasinfomedia | 1 Wpchurch Church Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-14847 | 1 Dasinfomedia | 1 Wpams Apartment Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||||
CVE-2017-14125 | 1 Wpdevart | 1 Responsive Image Gallery Gallery Album | 2017-10-03 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | |||||
CVE-2017-14652 | 1 Tapatalk | 1 Tapatalk | 2017-10-03 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | |||||
CVE-2014-8596 | 1 Php-fusion | 1 Php-fusion | 2017-10-02 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | |||||