Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6617 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-06-30 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. | |||||
| CVE-2016-6652 | 1 Pivotal Software | 1 Spring Data Jpa | 2017-06-30 | 6.8 MEDIUM | 5.6 MEDIUM |
| SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | |||||
| CVE-2016-7405 | 3 Adodb Project, Fedoraproject, Php | 3 Adodb, Fedora, Php | 2017-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | |||||
| CVE-2016-9333 | 1 Moxa | 1 Softcms | 2017-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). | |||||
| CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-26 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | |||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2017-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | |||||
| CVE-2017-9463 | 1 Piwigo | 1 Piwigo | 2017-06-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. | |||||
| CVE-2016-2034 | 1 Arubanetworks | 1 Clearpass | 2017-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. | |||||
| CVE-2017-9436 | 1 Teampass | 1 Teampass | 2017-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | |||||
| CVE-2017-9437 | 1 Openbravo | 1 Openbravo Erp | 2017-06-13 | 6.5 MEDIUM | 8.8 HIGH |
| Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | |||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2017-06-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||||
| CVE-2015-7346 | 1 Zcms Project | 1 Zcms | 2017-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ZCMS 1.1. | |||||
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | |||||
| CVE-2017-9443 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | |||||
| CVE-2016-5939 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-06-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2017-9435 | 1 Dolibarr | 1 Dolibarr | 2017-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | |||||
| CVE-2016-10379 | 1 Virtuemart | 1 Virtuemart | 2017-06-08 | 6.5 MEDIUM | 7.2 HIGH |
| The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | |||||
| CVE-2016-10378 | 1 E107 | 1 E107 | 2017-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | |||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2017-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | |||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | |||||