Total
18977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11494 | 1 Sol-connect | 2 Sol.connect Iset-mpp Meter, Sol.connect Iset-mpp Meter Firmware | 2025-04-20 | N/A |
| SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. | ||||
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2025-04-20 | N/A |
| SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. | ||||
| CVE-2017-17103 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | ||||
| CVE-2017-17110 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | N/A |
| Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | ||||
| CVE-2017-15539 | 1 Zorovavi\/blog Project | 1 Zorovavi\/blog | 2025-04-20 | N/A |
| SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | ||||
| CVE-2017-15579 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | N/A |
| In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | ||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | ||||
| CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | ||||
| CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2025-04-20 | N/A |
| Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | ||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2025-04-20 | N/A |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | ||||
| CVE-2017-15967 | 1 Mailing-manager | 1 Mailing List Manager Pro | 2025-04-20 | N/A |
| Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. | ||||
| CVE-2017-15972 | 1 Softdatepro | 1 Dating Software | 2025-04-20 | N/A |
| SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. | ||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2025-04-20 | N/A |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | ||||
| CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2025-04-20 | N/A |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. | ||||
| CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 9.8 Critical |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||||
| CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine \& Blog Cms | 2025-04-20 | N/A |
| MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||||
| CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2025-04-20 | N/A |
| Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | ||||
| CVE-2017-15985 | 1 Readymadeb2bscript | 1 Basic B2b Script | 2025-04-20 | N/A |
| Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. | ||||
| CVE-2017-15993 | 1 Zomato Clone Script Project | 1 Zomato Clone Script | 2025-04-20 | N/A |
| Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | ||||
| CVE-2017-12364 | 1 Cisco | 1 Prime Service Catalog | 2025-04-20 | N/A |
| A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333. | ||||