Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4521 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2017-16735 | 1 Ecava | 1 Integraxor | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | |||||
| CVE-2017-16733 | 1 Ecava | 1 Integraxor | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | |||||
| CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | |||||
| CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | |||||
| CVE-2017-17713 | 1 Boxug | 1 Trape | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | |||||
| CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
| CVE-2017-17823 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
| CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
| CVE-2017-17779 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2018-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | |||||
| CVE-2017-17829 | 1 Doditsolutions | 1 Bus Booking Script | 2018-01-03 | 6.5 MEDIUM | 7.2 HIGH |
| Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | |||||
| CVE-2017-15875 | 1 Sistemagpweb | 1 Gpweb | 2018-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | |||||
| CVE-2017-17624 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. | |||||
| CVE-2017-17651 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2018-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | |||||
| CVE-2017-14508 | 1 Sugarcrm | 1 Sugarcrm | 2017-12-30 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. | |||||
| CVE-2017-17632 | 1 Responsive Events And Movie Ticket Booking Script Project | 1 Responsive Events And Movie Ticket Booking Script | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | |||||
| CVE-2017-17623 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. | |||||
| CVE-2017-17631 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. | |||||
| CVE-2017-17633 | 1 Multiplex Movie Theater Booking Script Project | 1 Multiplex Movie Theater Booking Script | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. | |||||
| CVE-2017-17634 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | |||||
| CVE-2017-17637 | 1 Car Rental Script Project | 1 Car Rental Script | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. | |||||
| CVE-2017-17635 | 1 Mlm Forex Market Plan Script Project | 1 Mlm Forex Market Plan Script | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | |||||
| CVE-2017-17636 | 1 Mlm Forced Matrix Project | 1 Mlm Forced Matrix | 2017-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | |||||
| CVE-2014-1650 | 1 Symantec | 1 Web Gateway | 2017-12-28 | 5.2 MEDIUM | N/A |
| SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1651 | 1 Symantec | 1 Web Gateway | 2017-12-28 | 5.8 MEDIUM | N/A |
| SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17622 | 1 Online Exam Test Application Script Project | 1 Online Exam Test Application Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. | |||||
| CVE-2017-17628 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter. | |||||
| CVE-2017-17614 | 1 Hotel Restaurant Reviews And Feedback Script Project | 1 Hotel Restaurant Reviews And Feedback Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Food Order Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17627 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | |||||
| CVE-2017-17626 | 1 Readymade Php Classified Script Project | 1 Readymade Php Classified Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2017-17609 | 1 Chartered Accountant Booking Script Project | 1 Chartered Accountant Booking Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. | |||||
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | |||||
| CVE-2017-17608 | 1 Kindergarten - Elementary School Listing Script Project | 1 Kindergarten - Elementary School Listing Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Child Care Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17602 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | |||||
| CVE-2017-17620 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | |||||
| CVE-2017-17618 | 1 Kickstarter Clone Script Project | 1 Kickstarter Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. | |||||
| CVE-2017-17619 | 1 Laundry Booking Script Project | 1 Laundry Booking Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17617 | 1 Foodspotting Clone Script Project | 1 Foodspotting Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. | |||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2017-12-26 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | |||||
| CVE-2017-17615 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2017-12-26 | 6.5 MEDIUM | 8.8 HIGH |
| Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | |||||
| CVE-2017-17610 | 1 E-commerce Mlm Software Project | 1 E-commerce Mlm Software | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. | |||||
| CVE-2017-17613 | 1 Freelance Website Script Project | 1 Freelance Website Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | |||||
| CVE-2017-17642 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | |||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | |||||
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | |||||
| CVE-2017-17641 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. | |||||
| CVE-2017-17639 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | |||||
| CVE-2017-17638 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. | |||||
