Search Results (19783 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15974 1 Datacomponents 1 Tpanel 2025-04-20 N/A
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2016-4337 1 Ktools 1 Photostore 2025-04-20 N/A
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
CVE-2015-7569 1 Yeager 1 Yeager Cms 2025-04-20 N/A
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
CVE-2017-15880 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVE-2017-15977 1 Protectedlinks 1 Expiring Download Links 2025-04-20 N/A
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2015-7564 1 Teampass 1 Teampass 2025-04-20 N/A
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CVE-2017-15978 1 Arox 1 School Erp Php Script 2025-04-20 N/A
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2017-15979 1 Odallated 1 Shareet 2025-04-20 N/A
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
CVE-2017-12364 1 Cisco 1 Prime Service Catalog 2025-04-20 N/A
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333.
CVE-2016-8930 1 Ibm 1 Kenexa Lms 2025-04-20 N/A
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2017-17111 1 Scubez 1 Posty Readymade Classifieds 2025-04-20 N/A
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2016-9019 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
CVE-2016-9020 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2017-17605 1 Consumer Complaints Clone Script Project 1 Consumer Complaints Clone Script 2025-04-20 N/A
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17609 1 Chartered Accountant Booking Script Project 1 Chartered Accountant Booking Script 2025-04-20 N/A
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17612 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2025-04-20 N/A
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-17623 1 Opensource Classified Ads Script Project 1 Opensource Classified Ads Script 2025-04-20 N/A
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
CVE-2017-17624 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17625 1 On Demand Marketplace Script Project 1 On Demand Marketplace Script 2025-04-20 9.8 Critical
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
CVE-2017-17626 1 Readymade Php Classified Script Project 1 Readymade Php Classified Script 2025-04-20 N/A
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.