Search Results (19777 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15539 1 Zorovavi\/blog Project 1 Zorovavi\/blog 2025-04-20 N/A
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
CVE-2017-1000067 1 Modx 1 Revolution 2025-04-20 N/A
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
CVE-2017-12946 1 Easymodal Project 1 Easy Modal 2025-04-20 N/A
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
CVE-2017-1000031 1 Cacti 1 Cacti 2025-04-20 N/A
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
CVE-2017-12947 1 Easymodal Project 1 Easy Modal 2025-04-20 N/A
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
CVE-2017-0304 1 F5 1 Big-ip Advanced Firewall Manager 2025-04-20 N/A
A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.
CVE-2017-12949 1 Podlove 1 Podlove Podcast Publisher 2025-04-20 N/A
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
CVE-2016-9402 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-1002021 1 Surveys Project 1 Surveys 2025-04-20 N/A
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
CVE-2017-7879 1 Flatcore 1 Flatcore-cms 2025-04-20 N/A
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
CVE-2017-7878 1 Flatcore 1 Flatcore-cms 2025-04-20 N/A
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
CVE-2017-12977 1 10web 1 Photo Gallery 2025-04-20 N/A
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
CVE-2017-1002015 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
CVE-2017-1002013 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
CVE-2017-1002005 1 Dtracker Project 1 Dtracker 2025-04-20 N/A
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
CVE-2017-1000120 1 Frappe 1 Frappe 2025-04-20 N/A
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
CVE-2017-2641 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
CVE-2017-17605 1 Consumer Complaints Clone Script Project 1 Consumer Complaints Clone Script 2025-04-20 N/A
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17643 1 Lynda Clone Project 1 Lynda Clone 2025-04-20 9.8 Critical
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVE-2017-17609 1 Chartered Accountant Booking Script Project 1 Chartered Accountant Booking Script 2025-04-20 N/A
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.