Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6550 | 1 Kinsey | 1 Infor-lawson | 2017-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | |||||
| CVE-2016-10204 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | |||||
| CVE-2016-8341 | 1 Ecava | 1 Integraxor | 2017-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. | |||||
| CVE-2016-3694 | 1 Modified | 1 Ecommerce Shopsoftware | 2017-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. | |||||
| CVE-2017-5879 | 1 Exponentcms | 1 Exponent Cms | 2017-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by unauthenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. | |||||
| CVE-2016-9416 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-9402 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 10.0 CRITICAL |
| SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-5517 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||
| CVE-2017-5519 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2017-5575 | 1 Metalgenix | 1 Genixcms | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | |||||
| CVE-2017-5574 | 1 Metalgenix | 1 Genixcms | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | |||||
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
| CVE-2016-10114 | 1 Awebsupport | 1 Aweb Cart Watching System For Virtuemart | 2017-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch. | |||||
| CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2016-12-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||||
| CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2016-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Zotpress plugin for WordPress SQLi in zp_get_account() | |||||
| CVE-2015-6319 | 1 Cisco | 22 Rv016 Multi-wan Vpn Router, Rv042 Dual Wan Vpn Router, Rv042g Dual Gigabit Wan Vpn Router and 19 more | 2016-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. | |||||
| CVE-2016-5048 | 1 Readydesk | 1 Readydesk | 2016-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field. | |||||
| CVE-2016-7453 | 1 Exponentcms | 1 Exponent Cms | 2016-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | |||||
| CVE-2015-1000011 | 1 Dukapress Project | 1 Dukapress | 2016-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| Blind SQL Injection in wordpress plugin dukapress v2.5.9 | |||||
| CVE-2016-8902 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2016-9272 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | |||||
| CVE-2016-9287 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | |||||
| CVE-2016-5843 | 1 Otrs | 1 Faq | 2016-11-28 | 9.0 HIGH | 9.4 CRITICAL |
| Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | |||||
| CVE-2016-5792 | 1 Moxa | 1 Softcms | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | |||||
| CVE-2016-4522 | 1 Rockwellautomation | 1 Factorytalk Energrymetrix | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7695 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | |||||
| CVE-2016-5817 | 1 Navis | 1 Webaccess | 2016-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-0224 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-4350 | 1 Solarwinds | 1 Storage Resource Monitor | 2016-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. | |||||
| CVE-2016-2351 | 1 Accellion | 1 File Transfer Appliance | 2016-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. | |||||
| CVE-2016-1154 | 1 Cuore | 1 Ec-cube Help Plugin | 2016-03-02 | 7.5 HIGH | 9.1 CRITICAL |
| SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-6537 | 1 Epiphanyhealthdata | 1 Cardio Server | 2015-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | |||||
