Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4905 1 Wp-olivecart 2 Olivecart, Olivecartpro 2025-04-20 N/A
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-6095 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVE-2017-6097 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
CVE-2017-6098 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
CVE-2017-9436 1 Teampass 1 Teampass 2025-04-20 N/A
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
CVE-2017-7290 1 Xoops 1 Xoops 2025-04-20 N/A
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
CVE-2017-7952 1 Infor 1 Enterprise Asset Management 2025-04-20 N/A
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
CVE-2017-7973 1 Schneider-electric 1 U.motion Builder 2025-04-20 N/A
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
CVE-2017-8002 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
CVE-2017-8015 1 Emc 1 Appsync 2025-04-20 N/A
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-15880 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVE-2017-15972 1 Softdatepro 1 Dating Software 2025-04-20 N/A
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CVE-2017-15974 1 Datacomponents 1 Tpanel 2025-04-20 N/A
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-15975 1 Vastal 1 Dating Zone 2025-04-20 N/A
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15976 1 Zeescripts 1 Zeebuddy 2025-04-20 N/A
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CVE-2017-15977 1 Protectedlinks 1 Expiring Download Links 2025-04-20 N/A
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2017-15978 1 Arox 1 School Erp Php Script 2025-04-20 N/A
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2017-15979 1 Odallated 1 Shareet 2025-04-20 N/A
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
CVE-2017-15982 1 Geniusocean 1 News 2025-04-20 9.8 Critical
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15989 1 Online Exam Test Application Project 1 Online Exam Test Application 2025-04-20 N/A
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.