Search Results (19647 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17695 1 Techno - Portfolio Management Panel Project 1 Techno - Portfolio Management Panel 2025-04-20 N/A
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
CVE-2017-6550 1 Kinsey 1 Infor-lawson 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
CVE-2017-17578 1 Crowdfunding Script Project 1 Crowdfunding Script 2025-04-20 9.8 Critical
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-6668 1 Cisco 1 Unified Communications Domain Manager 2025-04-20 N/A
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.
CVE-2017-9834 1 Calendarscripts 1 Watupro 2025-04-20 N/A
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
CVE-2017-17580 1 Linkedin Clone Project 1 Linkedin Clone 2025-04-20 9.8 Critical
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17640 1 Advanced World Database Project 1 Advanced World Database 2025-04-20 N/A
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
CVE-2017-1002012 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
CVE-2017-2120 1 Wbce 1 Wbce Cms 2025-04-20 N/A
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17596 1 Entrepreneur Job Portal Script Project 1 Entrepreneur Job Portal Script 2025-04-20 N/A
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17635 1 Mlm Forex Market Plan Script Project 1 Mlm Forex Market Plan Script 2025-04-20 N/A
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
CVE-2017-17602 1 Advance B2b Script Project 1 Advance B2b Script 2025-04-20 N/A
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2017-17631 1 Multireligion Responsive Matrimonial Project 1 Multireligion Responsive Matrimonial 2025-04-20 N/A
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-9246 1 Newrelic 1 .net Agent 2025-04-20 N/A
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
CVE-2017-17604 1 Entrepreneur Bus Booking Script Project 1 Entrepreneur Bus Booking Script 2025-04-20 N/A
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
CVE-2017-17606 1 Co-work Space Search Script Project 1 Co-work Space Search Script 2025-04-20 N/A
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17612 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2025-04-20 N/A
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2017-16851 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
CVE-2017-16849 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
CVE-2017-16847 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.