Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | |||||
CVE-2015-4634 | 1 Cacti | 1 Cacti | 2017-09-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||||
CVE-2017-14345 | 1 Blog Project | 1 Blog | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | |||||
CVE-2017-14396 | 1 Osticket | 1 Osticket | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | |||||
CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | |||||
CVE-2017-1002009 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. | |||||
CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin Easy Team Manager v1.3.2: the code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |||||
CVE-2017-1002025 | 1 Add-edit-delete-listing-for-member-module Project | 1 Add-edit-delete-listing-for-member-module | 2017-09-21 | 6.5 MEDIUM | 7.2 HIGH |
Vulnerability in WordPress plugin add-edit-delete-listing-for-member-module v1.0: the plugin author does not sanitize user-supplied input via $act before passing it into an SQL statement. | |||||
CVE-2015-7877 | 1 User Dashboard Project | 1 User Dashboard | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | |||||
CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-20 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | |||||
CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||||
CVE-2017-1002014 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |||||
CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0: SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | |||||
CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | |||||
CVE-2017-1002020 | 1 Surveys Project | 1 Surveys | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin surveys v1.01.8: the code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |||||
CVE-2017-8015 | 1 Emc | 1 Appsync | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||||
CVE-2010-4700 | 1 Php | 1 Php | 2017-09-18 | 6.8 MEDIUM | N/A |
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | |||||