Export limit exceeded: 348295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18906 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8835 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | N/A |
| SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | ||||
| CVE-2017-9437 | 1 Openbravo | 1 Openbravo Erp | 2025-04-20 | N/A |
| Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | ||||
| CVE-2017-9443 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 8.8 High |
| BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files. | ||||
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | ||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | ||||
| CVE-2017-9463 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. | ||||
| CVE-2017-9603 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | N/A |
| SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | ||||
| CVE-2017-6668 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-20 | N/A |
| Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. | ||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | N/A |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | ||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-8356 | 1 Bitrix Project | 1 Bitrix | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | ||||
| CVE-2015-8334 | 1 Huawei | 2 Vcn500, Vcn500 Firmware | 2025-04-20 | N/A |
| SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | ||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | ||||
| CVE-2015-7568 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | ||||
| CVE-2015-7564 | 1 Teampass | 1 Teampass | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | ||||
| CVE-2015-7517 | 1 Labwebdesigns | 1 Double Opt-in For Download | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | ||||
| CVE-2015-7390 | 1 Testlink | 1 Testlink | 2025-04-20 | N/A |
| SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | ||||
| CVE-2015-7346 | 1 Zcms Project | 1 Zcms | 2025-04-20 | N/A |
| SQL injection vulnerability in ZCMS 1.1. | ||||
| CVE-2015-2146 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | ||||
| CVE-2015-2798 | 1 Web-dorado | 1 Contact Form Maker | 2025-04-20 | N/A |
| SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||