Export limit exceeded: 19780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19780 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3694 1 Modified 1 Ecommerce Shopsoftware 2025-04-20 N/A
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.
CVE-2017-17875 1 Jextn 1 Jextn Faq Pro 2025-04-20 N/A
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17920 1 Rubyonrails 1 Ruby On Rails 2025-04-20 N/A
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
CVE-2017-1000004 1 Atutor 1 Atutor 2025-04-20 N/A
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
CVE-2017-17928 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.
CVE-2017-1000060 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 9.8 Critical
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
CVE-2016-4893 1 Setucocms Project 1 Setucocms 2025-04-20 N/A
SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-4905 1 Wp-olivecart 2 Olivecart, Olivecartpro 2025-04-20 N/A
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-15378 1 Softwarepublico 1 E-sic 2025-04-20 N/A
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
CVE-2017-15539 1 Zorovavi\/blog Project 1 Zorovavi\/blog 2025-04-20 N/A
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
CVE-2017-15946 1 Selfget 1 Tag Meta 2025-04-20 N/A
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.
CVE-2017-15949 1 Angry-frog 1 Xavier 2025-04-20 N/A
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
CVE-2017-15958 1 Domainzaar 1 D-park Pro 2025-04-20 N/A
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2017-15967 1 Mailing-manager 1 Mailing List Manager Pro 2025-04-20 N/A
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15968 1 Contractorscripts 1 Mybuildersite 2025-04-20 N/A
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-15969 1 Pilotgroup 1 Allsharevideo 2025-04-20 N/A
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVE-2017-15970 1 Phpcityportal 1 Phpcityportal 2025-04-20 N/A
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2017-15972 1 Softdatepro 1 Dating Software 2025-04-20 N/A
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CVE-2017-15974 1 Datacomponents 1 Tpanel 2025-04-20 N/A
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-15975 1 Vastal 1 Dating Zone 2025-04-20 N/A
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.