Search
Total
1733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5347 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | |||||
| CVE-2017-5345 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | |||||
| CVE-2016-0769 | 1 Elfden | 1 Eshop Plugin | 2017-01-26 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | |||||
| CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2017-01-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
| CVE-2016-1000117 | 1 Huge-it | 1 Slideshow | 2017-01-06 | 6.5 MEDIUM | 7.2 HIGH |
| XSS & SQLi in HugeIT slideshow v1.0.4 | |||||
| CVE-2016-2873 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-12-23 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2016-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
| CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2016-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||||
| CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2016-12-07 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2299 | 1 Ecava | 1 Integraxor | 2016-12-03 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2016-12-03 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | |||||
| CVE-2015-8153 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-03 | 8.3 HIGH | 8.8 HIGH |
| SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | |||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | |||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | |||||
| CVE-2016-8906 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8903 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-9134 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | |||||
| CVE-2016-9135 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | |||||
| CVE-2016-9184 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. | |||||
| CVE-2016-9242 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | |||||
| CVE-2016-6419 | 1 Cisco | 1 Firepower Management Center | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | |||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.5 MEDIUM | 7.1 HIGH |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | |||||
| CVE-2016-0249 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 7.5 HIGH | 8.6 HIGH |
| SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-0233 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2174 | 1 Apache | 1 Ranger | 2016-06-14 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | |||||
| CVE-2016-4040 | 1 Dotcms | 1 Dotcms | 2016-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-0710 | 1 Apache | 1 Jetspeed | 2016-04-20 | 7.5 HIGH | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. | |||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2016-01-18 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||