Search
Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17601 | 1 Cab Booking Script Project | 1 Cab Booking Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | |||||
| CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | |||||
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | |||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | |||||
| CVE-2017-17596 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | |||||
| CVE-2017-17594 | 1 Domainsale Php Script Project | 1 Domainsale Php Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. | |||||
| CVE-2017-17595 | 1 Beauty Parlour Booking Script Project | 1 Beauty Parlour Booking Script | 2017-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. | |||||
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2017-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | |||||
| CVE-2017-17592 | 1 Website Auction Marketplace Project | 1 Website Auction Marketplace | 2017-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | |||||
| CVE-2017-17573 | 1 Fortunescripts | 1 Ebay Clone | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | |||||
| CVE-2017-17590 | 1 Fortunescripts | 1 Stackoverflow Clone | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. | |||||
| CVE-2017-10682 | 1 Piwigo | 1 Piwigo | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | |||||
| CVE-2017-10899 | 1 Ark-web | 1 A-reserve | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-10898 | 1 Ark-web | 1 A-member | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3934 | 1 Fiyo | 1 Fiyo Cms | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. | |||||
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2017-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | |||||
| CVE-2017-16561 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | |||||
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | |||||
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2017-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2017-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | |||||
| CVE-2017-15988 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. | |||||
| CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine \& Blog Cms | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
| CVE-2017-15986 | 1 Cpa Lead Reward Script Project | 1 Cpa Lead Reward Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| CPA Lead Reward Script allows SQL Injection via the username parameter. | |||||
| CVE-2017-15985 | 1 Readymadeb2bscript | 1 Basic B2b Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. | |||||
| CVE-2017-15979 | 1 Odallated | 1 Shareet | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. | |||||
| CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | |||||
| CVE-2017-15987 | 1 Fake Magazine Cover Script Project | 1 Fake Magazine Cover Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. | |||||
| CVE-2017-15991 | 1 Vastal | 1 Agent Zone | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. | |||||
| CVE-2017-14356 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | |||||
| CVE-2017-15980 | 1 Rowindex | 1 Us Zip Codes Database Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. | |||||
| CVE-2017-15976 | 1 Zeescripts | 1 Zeebuddy | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. | |||||
| CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. | |||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | |||||
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | |||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | |||||
| CVE-2017-15958 | 1 Domainzaar | 1 D-park Pro | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. | |||||
| CVE-2017-15989 | 1 Online Exam Test Application Project | 1 Online Exam Test Application | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | |||||
| CVE-2017-15978 | 1 Arox | 1 School Erp Php Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. | |||||
| CVE-2017-15977 | 1 Protectedlinks | 1 Expiring Download Links | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. | |||||
| CVE-2017-15992 | 1 Website Broker Script Project | 1 Website Broker Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | |||||
| CVE-2017-15993 | 1 Zomato Clone Script Project | 1 Zomato Clone Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | |||||
| CVE-2017-15966 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. | |||||
| CVE-2017-15967 | 1 Mailing-manager | 1 Mailing List Manager Pro | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. | |||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | |||||
| CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | |||||
| CVE-2017-15969 | 1 Pilotgroup | 1 Allsharevideo | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. | |||||
| CVE-2017-15970 | 1 Phpcityportal | 1 Phpcityportal | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. | |||||
| CVE-2008-3604 | 1 Zeescripts | 1 Zeebuddy | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | |||||
| CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | |||||