Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3937 | 1 A-shop | 1 A-shop | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-3933 | 1 Quickestore | 1 Quickestore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | |||||
| CVE-2007-3687 | 1 Infernotechnologies | 1 Rpg Inferno | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | |||||
| CVE-2007-3539 | 1 Qt-cute | 2 Quicktalk Forum, Quickticket | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3. | |||||
| CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | |||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2017-09-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | |||||
| CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | |||||
| CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | |||||
| CVE-2017-14601 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | |||||
| CVE-2015-4634 | 1 Cacti | 1 Cacti | 2017-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||||
| CVE-2017-14345 | 1 Blog Project | 1 Blog | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | |||||
| CVE-2017-14396 | 1 Osticket | 1 Osticket | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | |||||
| CVE-2017-1002010 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | |||||
| CVE-2017-1002009 | 1 Ontraport | 1 Membership Simplified | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. | |||||
| CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |||||
| CVE-2017-1002025 | 1 Add-edit-delete-listing-for-member-module Project | 1 Add-edit-delete-listing-for-member-module | 2017-09-21 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | |||||
| CVE-2015-7877 | 1 User Dashboard Project | 1 User Dashboard | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | |||||
| CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | |||||