Search Results (19648 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15964 1 Nicephpscripts 1 Job Board Script 2025-04-20 N/A
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15960 1 Yourarticlesdirectory 1 Article Directory Script 2025-04-20 N/A
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVE-2017-15988 1 Nicephpscripts 1 Nice Php Faq Script 2025-04-20 N/A
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
CVE-2017-6570 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
CVE-2017-14145 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
CVE-2017-17626 1 Readymade Php Classified Script Project 1 Readymade Php Classified Script 2025-04-20 N/A
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2015-9098 1 Red-gate 1 Sql Monitor 2025-04-20 9.8 Critical
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
CVE-2017-15993 1 Zomato Clone Script Project 1 Zomato Clone Script 2025-04-20 N/A
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2015-7346 1 Zcms Project 1 Zcms 2025-04-20 N/A
SQL injection vulnerability in ZCMS 1.1.
CVE-2017-15933 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
CVE-2015-2147 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2015-3616 1 Fortinet 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more 2025-04-20 N/A
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
CVE-2015-3934 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.
CVE-2015-7569 1 Yeager 1 Yeager Cms 2025-04-20 N/A
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
CVE-2017-7681 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2012-4570 1 Letodms Project 1 Letodms 2025-04-20 N/A
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17612 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2025-04-20 N/A
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-2120 1 Wbce 1 Wbce Cms 2025-04-20 N/A
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-5609 1 S9y 1 Serendipity 2025-04-20 N/A
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVE-2017-5575 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.