Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2017-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | |||||
| CVE-2017-17592 | 1 Website Auction Marketplace Project | 1 Website Auction Marketplace | 2017-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | |||||
| CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2017-12-21 | 6.5 MEDIUM | 8.8 HIGH |
| Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | |||||
| CVE-2017-17573 | 1 Fortunescripts | 1 Ebay Clone | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | |||||
| CVE-2017-10682 | 1 Piwigo | 1 Piwigo | 2017-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. | |||||
| CVE-2017-16893 | 1 Piwigo | 1 Piwigo | 2017-12-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application. | |||||
| CVE-2017-1356 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. | |||||
| CVE-2017-17103 | 1 Fiyo | 1 Fiyo Cms | 2017-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | |||||
| CVE-2017-10899 | 1 Ark-web | 1 A-reserve | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-10898 | 1 Ark-web | 1 A-member | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17102 | 1 Fiyo | 1 Fiyo Cms | 2017-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | |||||
| CVE-2008-6046 | 1 Adbnewssender Project | 1 Adbnewssender | 2017-12-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/. | |||||
| CVE-2015-3934 | 1 Fiyo | 1 Fiyo Cms | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. | |||||
| CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2017-12-08 | 6.5 MEDIUM | 7.2 HIGH |
| FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. | |||||
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2017-12-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | |||||
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2017-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | |||||
| CVE-2012-0401 | 1 Rsa | 1 Envision | 2017-12-06 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2017-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | |||||
| CVE-2010-4876 | 1 Mblogger Project | 1 Mblogger | 2017-11-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter. | |||||
| CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2017-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||||