Export limit exceeded: 19783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-4974 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2025-04-20 | 6.5 Medium |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privileged UAA endpoints." | ||||
| CVE-2017-15992 | 1 Website Broker Script Project | 1 Website Broker Script | 2025-04-20 | N/A |
| Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | ||||
| CVE-2017-15989 | 1 Online Exam Test Application Project | 1 Online Exam Test Application | 2025-04-20 | N/A |
| Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | ||||
| CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 9.8 Critical |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||||
| CVE-2017-15979 | 1 Odallated | 1 Shareet | 2025-04-20 | N/A |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. | ||||
| CVE-2017-15978 | 1 Arox | 1 School Erp Php Script | 2025-04-20 | N/A |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. | ||||
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | ||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | ||||
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2025-04-20 | N/A |
| SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | ||||
| CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | ||||
| CVE-2017-6096 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | N/A |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list. | ||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2025-04-20 | N/A |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | ||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | ||||
| CVE-2017-5347 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | ||||
| CVE-2017-9463 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. | ||||
| CVE-2017-9429 | 1 Event List Project | 1 Event List | 2025-04-20 | N/A |
| SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | ||||
| CVE-2017-9418 | 1 Goldplugins | 1 Testimonials Plugin Easy Testimonials | 2025-04-20 | N/A |
| SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | ||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | N/A |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | ||||
| CVE-2017-1002012 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | ||||
| CVE-2015-5052 | 1 Sefrengo | 1 Sefrengo | 2025-04-20 | N/A |
| SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | ||||