Total
19055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2025-04-20 | N/A |
| SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-11444 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | ||||
| CVE-2017-16850 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | ||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | ||||
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | ||||
| CVE-2017-15971 | 1 Softdatepro | 1 Same Date Pro | 2025-04-20 | 9.8 Critical |
| Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. | ||||
| CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | ||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | N/A |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | ||||
| CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2025-04-20 | N/A |
| The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | ||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | ||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2025-04-20 | N/A |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | ||||
| CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | N/A |
| FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. | ||||
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2025-04-20 | N/A |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | ||||
| CVE-2017-17614 | 1 Hotel Restaurant Reviews And Feedback Script Project | 1 Hotel Restaurant Reviews And Feedback Script | 2025-04-20 | N/A |
| Food Order Script 1.0 has SQL Injection via the /list city parameter. | ||||
| CVE-2017-17613 | 1 Freelance Website Script Project | 1 Freelance Website Script | 2025-04-20 | N/A |
| Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | ||||
| CVE-2017-14507 | 1 Shindiristudio | 1 Content Timeline | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. | ||||
| CVE-2017-17604 | 1 Entrepreneur Bus Booking Script Project | 1 Entrepreneur Bus Booking Script | 2025-04-20 | N/A |
| Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | ||||
| CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2025-04-20 | N/A |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | ||||
| CVE-2017-6577 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | N/A |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | ||||
| CVE-2017-14402 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | ||||