Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9283 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | |||||
| CVE-2016-9288 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1. | |||||
| CVE-2017-11583 | 1 Finecms | 1 Finecms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | |||||
| CVE-2017-11584 | 1 Finecms | 1 Finecms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | |||||
| CVE-2017-11582 | 1 Finecms | 1 Finecms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | |||||
| CVE-2017-11174 | 1 Xoops | 1 Xoops | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. | |||||
| CVE-2017-11329 | 1 Glpi-project | 1 Glpi | 2017-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | |||||
| CVE-2017-3835 | 1 Cisco | 1 Identity Services Engine Software | 2017-07-24 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | |||||
| CVE-2017-11471 | 1 Idera | 1 Uptime Infrastructure Monitor | 2017-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | |||||
| CVE-2017-11470 | 1 Idera | 1 Uptime Infrastructure Monitor | 2017-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | |||||
| CVE-2017-1000067 | 1 Modx | 1 Revolution | 2017-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | |||||
| CVE-2017-11474 | 1 Glpi-project | 1 Glpi | 2017-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | |||||
| CVE-2017-11354 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | |||||
| CVE-2017-11445 | 1 Intelliants | 1 Subrion Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | |||||
| CVE-2017-11444 | 1 Intelliants | 1 Subrion Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | |||||
| CVE-2017-1183 | 1 Ibm | 1 Tivoli Monitoring | 2017-07-20 | 5.4 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | |||||
| CVE-2017-11419 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | |||||
| CVE-2017-11418 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | |||||
| CVE-2017-11416 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | |||||
| CVE-2017-11417 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | |||||