Search Results (19778 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8198 1 Huawei 1 Fusionsphere 2025-04-20 N/A
FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands.
CVE-2017-8377 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
CVE-2016-9333 1 Moxa 1 Softcms 2025-04-20 N/A
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).
CVE-2016-9402 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-1002004 1 Dtracker Project 1 Dtracker 2025-04-20 N/A
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
CVE-2017-1002014 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
CVE-2017-1002022 1 Surveys Project 1 Surveys 2025-04-20 N/A
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
CVE-2017-1002026 1 Eventespresso 1 Event Espresso 2025-04-20 N/A
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
CVE-2017-1002027 1 Rayanehdownload 1 Rk-responsive-contact-form 2025-04-20 N/A
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
CVE-2017-1002028 1 Angrybyte 1 Gallery-transformation 2025-04-20 N/A
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
CVE-2017-11184 1 Glpi-project 1 Glpi 2025-04-20 N/A
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
CVE-2017-11445 1 Intelliants 1 Subrion Cms 2025-04-20 N/A
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
CVE-2017-1183 1 Ibm 1 Tivoli Monitoring 2025-04-20 N/A
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.
CVE-2017-13137 1 Formcrafts 1 Formcraft 2025-04-20 9.8 Critical
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
CVE-2017-14145 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
CVE-2017-14242 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVE-2017-14247 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
CVE-2017-15578 1 Phpsugar 1 Php Melody 2025-04-20 N/A
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVE-2017-15579 1 Phpsugar 1 Php Melody 2025-04-20 N/A
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVE-2017-16896 1 Tt-rss 1 Tiny Tiny Rss 2025-04-20 N/A
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.