Export limit exceeded: 19781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10899 1 Ark-web 1 A-reserve 2025-04-20 N/A
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-11582 1 Finecms 1 Finecms 2025-04-20 N/A
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
CVE-2017-12199 1 Etoilewebdesign 1 Ultimate Product Catalog 2025-04-20 N/A
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
CVE-2017-9246 1 Newrelic 1 .net Agent 2025-04-20 N/A
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
CVE-2017-12650 1 Loginizer 1 Loginizer 2025-04-20 N/A
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
CVE-2017-12679 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-9463 1 Piwigo 1 Piwigo 2025-04-20 N/A
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application.
CVE-2017-1347 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
CVE-2017-14125 1 Wpdevart 1 Responsive Image Gallery Gallery Album 2025-04-20 N/A
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
CVE-2017-14507 1 Shindiristudio 1 Content Timeline 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
CVE-2017-14508 1 Sugarcrm 1 Sugarcrm 2025-04-20 N/A
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
CVE-2017-14703 1 Cashbackcomparisonscript 1 Cash Back Comparison 2025-04-20 N/A
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
CVE-2017-5517 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2017-14723 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
CVE-2015-6028 1 Castlerock 1 Snmpc 2025-04-20 8.8 High
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.
CVE-2017-14845 1 Dasinfomedia 1 Wpchurch Church Management System 2025-04-20 N/A
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14846 1 Dasinfomedia 1 Hospital Management System 2025-04-20 N/A
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14847 1 Dasinfomedia 1 Wpams Apartment Management System 2025-04-20 N/A
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14848 1 Dasinfomedia 1 Wphrm Human Resource Management System 2025-04-20 8.8 High
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
CVE-2015-7568 1 Yeager 1 Yeager Cms 2025-04-20 N/A
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.