Export limit exceeded: 18206 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18206 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15993 | 1 Zomato Clone Script Project | 1 Zomato Clone Script | 2025-04-20 | N/A |
| Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | ||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | N/A |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | ||||
| CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2025-04-20 | N/A |
| The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | ||||
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2025-04-20 | N/A |
| SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | ||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | ||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2025-04-20 | N/A |
| SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-13669 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | N/A |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. | ||||
| CVE-2016-5742 | 1 Sixapart | 2 Movable Type, Movable Type Open Source | 2025-04-20 | N/A |
| SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-9234 | 1 Cfpaypal | 1 Cp Contact Form With Paypal | 2025-04-20 | N/A |
| The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | ||||
| CVE-2015-9226 | 1 Alegrocart | 1 Alegrocart | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | ||||
| CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | ||||
| CVE-2017-12650 | 1 Loginizer | 1 Loginizer | 2025-04-20 | N/A |
| SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | ||||
| CVE-2017-12585 | 1 Slims | 1 Akasia | 2025-04-20 | N/A |
| SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users. | ||||
| CVE-2017-12567 | 1 Quest | 3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance | 2025-04-20 | N/A |
| SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | ||||
| CVE-2017-1183 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | N/A |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | ||||
| CVE-2017-1175 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. | ||||
| CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | ||||
| CVE-2017-11736 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | ||||
| CVE-2017-11678 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | N/A |
| SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | ||||
| CVE-2017-10899 | 1 Ark-web | 1 A-reserve | 2025-04-20 | N/A |
| SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | ||||