Total
19054 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0304 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2025-04-20 | N/A |
| A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | ||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2025-04-20 | N/A |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | ||||
| CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2025-04-20 | N/A |
| Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | ||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | N/A |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | ||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2025-04-20 | N/A |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | ||||
| CVE-2017-17604 | 1 Entrepreneur Bus Booking Script Project | 1 Entrepreneur Bus Booking Script | 2025-04-20 | N/A |
| Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | ||||
| CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2025-04-20 | N/A |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | ||||
| CVE-2017-12227 | 1 Cisco | 1 Emergency Responder | 2025-04-20 | N/A |
| A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. | ||||
| CVE-2017-4972 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2025-04-20 | 7.5 High |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. | ||||
| CVE-2017-14848 | 1 Dasinfomedia | 1 Wphrm Human Resource Management System | 2025-04-20 | 8.8 High |
| WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | ||||
| CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | ||||
| CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | ||||
| CVE-2017-11494 | 1 Sol-connect | 2 Sol.connect Iset-mpp Meter, Sol.connect Iset-mpp Meter Firmware | 2025-04-20 | N/A |
| SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. | ||||
| CVE-2017-17872 | 1 Jextn | 1 Jextn Video Gallery | 2025-04-20 | N/A |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | ||||
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | ||||
| CVE-2015-3314 | 1 Tune Library Project | 1 Tune Library | 2025-04-20 | N/A |
| SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | ||||
| CVE-2017-17892 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | N/A |
| Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | ||||
| CVE-2016-9994 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. | ||||
| CVE-2017-1000060 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 9.8 Critical |
| EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | ||||
| CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||||