Search Results (19783 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10379 1 Virtuemart 1 Virtuemart 2025-04-20 N/A
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
CVE-2017-15880 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVE-2017-2195 1 Multi Feed Reader Project 1 Multi Feed Reader 2025-04-20 N/A
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-7788 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2017-8198 1 Huawei 1 Fusionsphere 2025-04-20 N/A
FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands.
CVE-2016-7789 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
CVE-2016-1914 1 Blackberry 1 Blackberry Enterprise Service 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.
CVE-2017-17599 1 Advance Online Learning Management Script Project 1 Advance Online Learning Management Script 2025-04-20 N/A
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17605 1 Consumer Complaints Clone Script Project 1 Consumer Complaints Clone Script 2025-04-20 N/A
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
CVE-2017-17872 1 Jextn 1 Jextn Video Gallery 2025-04-20 N/A
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17609 1 Chartered Accountant Booking Script Project 1 Chartered Accountant Booking Script 2025-04-20 N/A
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
CVE-2017-17103 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
CVE-2017-2120 1 Wbce 1 Wbce Cms 2025-04-20 N/A
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17612 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2025-04-20 N/A
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-14600 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
CVE-2017-14601 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
CVE-2016-7400 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
CVE-2016-10378 1 E107 1 E107 2025-04-20 N/A
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
CVE-2016-2034 1 Arubanetworks 1 Clearpass 2025-04-20 N/A
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
CVE-2016-4468 2 Cloudfoundry, Pivotal Software 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more 2025-04-20 N/A
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.