Total: 2383 CVE (50 shown on this page)
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL | tPanel 2009 allows SQL injection for authentication bypass via 'or 1=1 or ''=' to login.php. |
| CVE-2017-15973 | 1 Sokial | 1 Sokial | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL | Sokial Social Network Script 1.0 allows SQL injection via the id parameter to admin/members_view.php. |
| CVE-2017-15972 | 1 Softdatepro | 1 Dating Software | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL | SoftDatepro Dating Social Network 1.3 allows SQL injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. |
| CVE-2012-4570 | 1 Letodms Project | 1 Letodms | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-2023 | 1 Tapatalk | 1 Tapatalk | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. |
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. |
| CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL | The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL injection, with resultant PHP object injection, via wp-admin/admin-ajax.php. |
| CVE-2017-15081 | 1 Phpsugar | 1 Php Melody | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL | In PHPSUGAR PHP Melody CMS 2.6.1, SQL injection exists via the playlist parameter to playlists.php. |
| CVE-2017-14723 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 7.5 HIGH | 9.8 CRITICAL | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. |
| CVE-2017-15579 | 1 Phpsugar | 1 Php Melody | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL | In PHPSUGAR PHP Melody before 2.7.3, SQL injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. |
| CVE-2017-15539 | 1 Zorovavi/blog Project | 1 Zorovavi/blog | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. |
| CVE-2017-6050 | 1 Ecava | 1 Integraxor | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection issue was discovered in Ecava IntegraXor versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow an unauthenticated remote attacker to execute arbitrary SQL queries. |
| CVE-2015-5376 | 1 Gsi-office | 1 Winpat Portal | 2017-11-06 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. |
| CVE-2016-10134 | 1 Zabbix | 1 Zabbix | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. |
| CVE-2017-5154 | 1 Advantech | 1 Webaccess | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Advantech WebAccess version 8.1. To exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. A successful attack could result in administrative access to the application and its data files. |
| CVE-2017-15381 | 1 Softwarepublico | 1 E-sic | 2017-10-31 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). |
| CVE-2017-3221 | 1 Inmarsat | 1 Amosconnect 8 | 2017-10-29 | 5.0 MEDIUM | 9.8 CRITICAL | Blind SQL injection in the Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. |
| CVE-2017-15373 | 1 Softwarepublico | 1 E-sic | 2017-10-27 | 7.5 HIGH | 9.8 CRITICAL | E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). |
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. |
| CVE-2015-2146 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. |
| CVE-2015-2147 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| CVE-2017-6089 | 1 Phpcollab | 1 Phpcollab | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php. |
| CVE-2017-14738 | 1 Filerun | 1 Filerun | 2017-10-10 | 7.5 HIGH | 9.8 CRITICAL | FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). |
| CVE-2017-14507 | 1 Shindiristudio | 1 Content Timeline | 2017-10-10 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. |
| CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2017-10-06 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. |
| CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2017-10-06 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. |
| CVE-2017-14125 | 1 Wpdevart | 1 Responsive Image Gallery Gallery Album | 2017-10-03 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. |
| CVE-2017-14652 | 1 Tapatalk | 1 Tapatalk | 2017-10-03 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. |
| CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2017-09-29 | 10.0 HIGH | 9.8 CRITICAL | SQL injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. |
| CVE-2017-12930 | 1 Tecnovision | 1 Dlx Spot Player4 | 2017-09-29 | 7.5 HIGH | 9.8 CRITICAL | SQL injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. |
| CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior, in which an unauthenticated user can use calls to various paths to perform arbitrary SQL commands against the underlying database. |
| CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-09-22 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter, or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. |
| CVE-2017-14345 | 1 Blog Project | 1 Blog | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. |
| CVE-2017-14396 | 1 Osticket | 1 Osticket | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. |
| CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it does not sanitize user input via recordId in the delete_media function. |
| CVE-2017-1002009 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it does not sanitize user input via recordId in the delete function. |
| CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin Easy Team Manager v1.3.2: the code does not sanitize id before making it part of an SQL statement in ./easy-team-manager/inc/easy_team_manager_desc_edit.php. |
| CVE-2015-7877 | 1 User Dashboard Project | 1 User Dashboard | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL | NexusPHP 1.5.beta5.20120707 has SQL injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. |
| CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the selectMulGallery parameter. |
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection via the imgid parameter in image-gallery-with-slideshow/admin_setting.php. |
| CVE-2017-1002014 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the gallery_name parameter. |
| CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0: the $jpic parameter is not sanitized before being passed into an SQL query in ./wordpress-gallery-transformation/gallery.php. |
| CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the $delid variable is not sanitized before being passed into an SQL query in ./rk-responsive-contact-form/include/rk_user_list.php. |
| CVE-2017-1002020 | 1 Surveys Project | 1 Surveys | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin surveys v1.01.8: the code in survey_form.php does not sanitize the action variable before placing it inside an SQL query. |
| CVE-2017-8015 | 1 Emc | 1 Appsync | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. |
| CVE-2017-1002022 | 1 Surveys Project | 1 Surveys | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin surveys v1.01.8: the code in questions.php does not sanitize the survey variable before placing it inside an SQL query. |
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside an SQL query. |
| CVE-2017-1002019 | 1 Eventr Project | 1 Eventr | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL | Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows blind SQL injection via the event parameter. |
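The tPanel entry (CVE-2017-15974) names the classic tautology payload 'or 1=1 or ''=' against a login form, and several other rows (GSI WiNPAT Portal, AmosConnect 8, DLX Spot Player4) describe the same login-form pattern. The Python example below is added here and is not code from tPanel or from any product in the table. It simulates such a login check against a constructed in-memory SQLite table: the concatenated query accepts the payload as a valid login, while the parameterized version, the fix that applies to every "does not sanitize" entry on this page, compares the payload as an inert string. The users table, its single row and the plaintext password column are constructed for the demonstration only.

```python
import sqlite3

# Constructed sample schema and data (not tPanel's): one user row.
# Plaintext password storage is itself a defect; it is used here only
# so the comparison in the WHERE clause is easy to follow.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('admin', 'correct horse')"
    )
    conn.commit()
    return conn

# The payload quoted in the CVE-2017-15974 description.
BYPASS_PAYLOAD = "' or 1=1 or ''='"

def login_vulnerable(conn, username, password):
    # String concatenation: attacker-controlled text becomes SQL syntax.
    # With the payload as password the statement reads
    #   ... AND password='' or 1=1 or ''=''
    # which is true for every row, so any username logs in.
    sql = (
        "SELECT id FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None

def login_fixed(conn, username, password):
    # Bound parameters: the driver sends the payload as a string value,
    # so it is compared literally against the password column.
    sql = "SELECT id FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def demo():
    """Run both versions with a valid login and with the bypass payload."""
    conn = make_db()
    return {
        "vulnerable_valid": login_vulnerable(conn, "admin", "correct horse"),
        "vulnerable_bypass": login_vulnerable(conn, "admin", BYPASS_PAYLOAD),
        "fixed_valid": login_fixed(conn, "admin", "correct horse"),
        "fixed_bypass": login_fixed(conn, "admin", BYPASS_PAYLOAD),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

Running the block prints that the concatenated query accepts both the real password and the payload, while the parameterized query accepts only the real password. The same substitution (bound parameters instead of string building, with the driver of the language in use) is the remediation implied by every row above that attributes the flaw to an unsanitized parameter or variable.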
