Total
18975 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17605 | 1 Consumer Complaints Clone Script Project | 1 Consumer Complaints Clone Script | 2025-04-20 | N/A |
| Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. | ||||
| CVE-2017-17604 | 1 Entrepreneur Bus Booking Script Project | 1 Entrepreneur Bus Booking Script | 2025-04-20 | N/A |
| Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | ||||
| CVE-2017-17603 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2025-04-20 | N/A |
| Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. | ||||
| CVE-2017-17602 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2025-04-20 | N/A |
| Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | ||||
| CVE-2017-17600 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2025-04-20 | N/A |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | ||||
| CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | ||||
| CVE-2015-7568 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | ||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-7236 | 1 Netapp | 1 Oncommand Unified Manager Core Package | 2025-04-20 | N/A |
| SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-16561 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2025-04-20 | N/A |
| /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | ||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | N/A |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | ||||
| CVE-2017-17594 | 1 Domainsale Php Script Project | 1 Domainsale Php Script | 2025-04-20 | N/A |
| DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. | ||||
| CVE-2016-4337 | 1 Ktools | 1 Photostore | 2025-04-20 | N/A |
| SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | ||||
| CVE-2017-17592 | 1 Website Auction Marketplace Project | 1 Website Auction Marketplace | 2025-04-20 | N/A |
| Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | ||||
| CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine \& Blog Cms | 2025-04-20 | N/A |
| MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||||
| CVE-2016-7789 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | ||||
| CVE-2017-17591 | 1 Realestate Crowdfunding Script Project | 1 Realestate Crowdfunding Script | 2025-04-20 | N/A |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | ||||
| CVE-2017-1000004 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. | ||||
| CVE-2017-17588 | 1 Imdb Clone Project | 1 Imdb Clone | 2025-04-20 | 9.8 Critical |
| FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. | ||||
| CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2025-04-20 | N/A |
| A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | ||||