Total
19064 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6028 | 1 Castlerock | 1 Snmpc | 2025-04-20 | 8.8 High |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | ||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2025-04-20 | N/A |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | ||||
| CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | ||||
| CVE-2017-16561 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2025-04-20 | N/A |
| /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | ||||
| CVE-2016-5952 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | ||||
| CVE-2015-9226 | 1 Alegrocart | 1 Alegrocart | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | ||||
| CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2025-04-20 | N/A |
| Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | ||||
| CVE-2017-11445 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | ||||
| CVE-2017-2133 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2025-04-20 | N/A |
| SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-16733 | 1 Ecava | 1 Integraxor | 2025-04-20 | N/A |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | ||||
| CVE-2017-7410 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. | ||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | ||||
| CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | ||||
| CVE-2017-16735 | 1 Ecava | 1 Integraxor | 2025-04-20 | N/A |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | ||||
| CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | ||||
| CVE-2017-11416 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | ||||
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | ||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | ||||
| CVE-2017-1002025 | 1 Add-edit-delete-listing-for-member-module Project | 1 Add-edit-delete-listing-for-member-module | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | ||||