Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17627 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | N/A |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | ||||
| CVE-2017-17632 | 1 Responsive Events And Movie Ticket Booking Script Project | 1 Responsive Events And Movie Ticket Booking Script | 2025-04-20 | N/A |
| Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | ||||
| CVE-2017-17635 | 1 Mlm Forex Market Plan Script Project | 1 Mlm Forex Market Plan Script | 2025-04-20 | N/A |
| MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | ||||
| CVE-2017-17643 | 1 Lynda Clone Project | 1 Lynda Clone | 2025-04-20 | 9.8 Critical |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | ||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | ||||
| CVE-2017-1000120 | 1 Frappe | 1 Frappe | 2025-04-20 | N/A |
| [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | ||||
| CVE-2017-1000129 | 1 S9y | 1 Serendipity | 2025-04-20 | N/A |
| Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | ||||
| CVE-2017-1002005 | 1 Dtracker Project | 1 Dtracker | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | ||||
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | ||||
| CVE-2017-1002015 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | ||||
| CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | ||||
| CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | ||||
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | ||||
| CVE-2016-9402 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-0304 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2025-04-20 | N/A |
| A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | ||||
| CVE-2017-1000031 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | ||||
| CVE-2017-1000067 | 1 Modx | 1 Revolution | 2025-04-20 | N/A |
| MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | ||||
| CVE-2017-11583 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | ||||
| CVE-2017-11631 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | ||||
| CVE-2017-11678 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | N/A |
| SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | ||||