Export limit exceeded: 364625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19764 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | ||||
| CVE-2017-17636 | 1 Mlm Forced Matrix Project | 1 Mlm Forced Matrix | 2025-04-20 | N/A |
| MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | ||||
| CVE-2017-17631 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2025-04-20 | N/A |
| Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. | ||||
| CVE-2017-17630 | 1 Yoga Class Script Project | 1 Yoga Class Script | 2025-04-20 | N/A |
| Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | ||||
| CVE-2017-17629 | 1 Secure E-commerce Script Project | 1 Secure E-commerce Script | 2025-04-20 | N/A |
| Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | ||||
| CVE-2017-17626 | 1 Readymade Php Classified Script Project | 1 Readymade Php Classified Script | 2025-04-20 | N/A |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | ||||
| CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2025-04-20 | 9.8 Critical |
| Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | ||||
| CVE-2017-17624 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. | ||||
| CVE-2017-17623 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2025-04-20 | N/A |
| Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. | ||||
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2025-04-20 | N/A |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | ||||
| CVE-2017-17609 | 1 Chartered Accountant Booking Script Project | 1 Chartered Accountant Booking Script | 2025-04-20 | N/A |
| Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. | ||||
| CVE-2017-17605 | 1 Consumer Complaints Clone Script Project | 1 Consumer Complaints Clone Script | 2025-04-20 | N/A |
| Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. | ||||
| CVE-2017-17599 | 1 Advance Online Learning Management Script Project | 1 Advance Online Learning Management Script | 2025-04-20 | N/A |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | ||||
| CVE-2017-13068 | 1 Qnap | 1 Qts Helpdesk | 2025-04-20 | N/A |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | ||||
| CVE-2016-9416 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2025-04-20 | N/A |
| SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | ||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | ||||
| CVE-2017-1000004 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. | ||||
| CVE-2017-6195 | 1 Ipswitch | 2 Moveit Dmz, Moveit Transfer 2017 | 2025-04-20 | N/A |
| Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | ||||
| CVE-2017-17920 | 1 Rubyonrails | 1 Ruby On Rails | 2025-04-20 | N/A |
| SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||