Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16561 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | |||||
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | |||||
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2017-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2017-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | |||||
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2017-11-22 | 6.5 MEDIUM | 8.8 HIGH |
| SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. | |||||
| CVE-2012-2007 | 1 Hp | 1 Performance Insight | 2017-11-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4257 | 1 Wordpress | 1 Wordpress | 2017-11-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | |||||
| CVE-2017-15988 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. | |||||
| CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine \& Blog Cms | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
| CVE-2017-15986 | 1 Cpa Lead Reward Script Project | 1 Cpa Lead Reward Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| CPA Lead Reward Script allows SQL Injection via the username parameter. | |||||
| CVE-2017-15985 | 1 Readymadeb2bscript | 1 Basic B2b Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. | |||||
| CVE-2017-15979 | 1 Odallated | 1 Shareet | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. | |||||
| CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | |||||
| CVE-2017-15987 | 1 Fake Magazine Cover Script Project | 1 Fake Magazine Cover Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. | |||||
| CVE-2017-15991 | 1 Vastal | 1 Agent Zone | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. | |||||
| CVE-2017-15980 | 1 Rowindex | 1 Us Zip Codes Database Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. | |||||
| CVE-2017-15976 | 1 Zeescripts | 1 Zeebuddy | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. | |||||
| CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. | |||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | |||||
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | |||||