Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1002014 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |||||
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||||
| CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | |||||
| CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2017-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | |||||
| CVE-2017-1002020 | 1 Surveys Project | 1 Surveys | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |||||
| CVE-2017-8015 | 1 Emc | 1 Appsync | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-12776 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||||
| CVE-2010-4700 | 1 Php | 1 Php | 2017-09-19 | 6.8 MEDIUM | N/A |
| The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | |||||
| CVE-2009-5094 | 1 Cmsfaethon | 1 Cms Faethon | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2009-5091 | 1 Vlinks | 1 Vlinks | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-5090 | 1 Daman371 | 1 Bloggeruniverse | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | |||||
| CVE-2009-5088 | 1 Ideacart | 1 Ideacart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. | |||||
| CVE-2009-4992 | 1 Script-shop24 | 1 Lm Starmail Paidmail | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-4985 | 1 Websitesrus | 1 Accessories Me Php Affiliate Script | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter. | |||||
| CVE-2009-4982 | 1 Irokez | 1 Irokez Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. | |||||
| CVE-2009-4973 | 1 Sweetphp | 1 Totalcalendar | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | |||||
| CVE-2009-4958 | 1 Emophp | 1 Emo Breeder Manager | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter. | |||||
| CVE-2009-4940 | 1 Zeuscart | 1 Zeuscart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | |||||
| CVE-2009-4938 | 2 Joomla, Warphd | 2 Joomla!, Com Jvideo | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | |||||
| CVE-2009-4935 | 1 Esoftpro | 1 Online Guestbook Pro | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | |||||
