Export limit exceeded: 364625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17822 1 Piwigo 1 Piwigo 2025-04-20 N/A
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17636 1 Mlm Forced Matrix Project 1 Mlm Forced Matrix 2025-04-20 N/A
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
CVE-2017-17631 1 Multireligion Responsive Matrimonial Project 1 Multireligion Responsive Matrimonial 2025-04-20 N/A
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17630 1 Yoga Class Script Project 1 Yoga Class Script 2025-04-20 N/A
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17629 1 Secure E-commerce Script Project 1 Secure E-commerce Script 2025-04-20 N/A
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
CVE-2017-17626 1 Readymade Php Classified Script Project 1 Readymade Php Classified Script 2025-04-20 N/A
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17625 1 On Demand Marketplace Script Project 1 On Demand Marketplace Script 2025-04-20 9.8 Critical
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17624 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17623 1 Opensource Classified Ads Script Project 1 Opensource Classified Ads Script 2025-04-20 N/A
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17612 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2025-04-20 N/A
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17609 1 Chartered Accountant Booking Script Project 1 Chartered Accountant Booking Script 2025-04-20 N/A
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17605 1 Consumer Complaints Clone Script Project 1 Consumer Complaints Clone Script 2025-04-20 N/A
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17599 1 Advance Online Learning Management Script Project 1 Advance Online Learning Management Script 2025-04-20 N/A
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-13068 1 Qnap 1 Qts Helpdesk 2025-04-20 N/A
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVE-2016-9416 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-15907 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
CVE-2017-17928 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.
CVE-2017-1000004 1 Atutor 1 Atutor 2025-04-20 N/A
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
CVE-2017-6195 1 Ipswitch 2 Moveit Dmz, Moveit Transfer 2017 2025-04-20 N/A
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.
CVE-2017-17920 1 Rubyonrails 1 Ruby On Rails 2025-04-20 N/A
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input