Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6393 | 1 Ace Image Hosting Script | 1 Ace Image Hosting Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. | |||||
| CVE-2007-6394 | 1 P3mbo | 1 Content Injector | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action. | |||||
| CVE-2007-6472 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | |||||
| CVE-2007-6462 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds Premium Plus | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6466 | 1 Freewebshop | 1 Freewebshop | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. | |||||
| CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6551 | 1 Mailmachinepro | 1 Mailmachine Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | |||||
| CVE-2007-6557 | 1 Megacheatz | 1 Megacheatz | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. | |||||
| CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | |||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2017-09-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | |||||
| CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | |||||
| CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | |||||
| CVE-2017-14601 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | |||||
| CVE-2015-4634 | 1 Cacti | 1 Cacti | 2017-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||||
| CVE-2017-14345 | 1 Blog Project | 1 Blog | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | |||||
| CVE-2017-14396 | 1 Osticket | 1 Osticket | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | |||||
| CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | |||||
| CVE-2017-1002009 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. | |||||
| CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |||||
| CVE-2017-1002025 | 1 Add-edit-delete-listing-for-member-module Project | 1 Add-edit-delete-listing-for-member-module | 2017-09-21 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | |||||
| CVE-2015-7877 | 1 User Dashboard Project | 1 User Dashboard | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | |||||
| CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | |||||
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||||
| CVE-2017-1002014 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |||||
| CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | |||||
| CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | |||||
| CVE-2017-1002020 | 1 Surveys Project | 1 Surveys | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |||||
| CVE-2017-8015 | 1 Emc | 1 Appsync | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||||
| CVE-2010-4700 | 1 Php | 1 Php | 2017-09-19 | 6.8 MEDIUM | N/A |
| The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | |||||
| CVE-2009-4797 | 1 Jobhut.spranger | 1 Jobhut | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter. | |||||
| CVE-2009-4798 | 1 Diskos | 1 Diskos Cms | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. | |||||
| CVE-2009-4807 | 1 Graugon | 1 Php Article Publisher | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php. | |||||
| CVE-2009-4855 | 1 Typo3 | 1 Typo3 | 2017-09-19 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core." | |||||
| CVE-2009-4860 | 1 Demarque | 1 Typing Pal | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. | |||||
| CVE-2009-4862 | 1 Abushhab | 1 Alwasel | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. | |||||
| CVE-2009-4870 | 1 Phpcityportal | 1 Phpcityportal | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4871 | 1 Logoshows | 1 Logoshows Bbs | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2009-4872 | 1 Logoshows | 1 Logoshows Bbs | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
| CVE-2009-4883 | 1 Todd Rogers | 1 Phprecipebook | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action. | |||||
| CVE-2009-4889 | 2 Basti2web, Php-fusion | 2 Book Panel, Php-fusion | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter. | |||||
| CVE-2009-5094 | 1 Cmsfaethon | 1 Cms Faethon | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2009-4891 | 1 Cs-cart | 1 Cs-cart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action. | |||||
| CVE-2009-5091 | 1 Vlinks | 1 Vlinks | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4892 | 1 Webjump | 1 Webjump\! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php. | |||||
| CVE-2009-5090 | 1 Daman371 | 1 Bloggeruniverse | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | |||||