Search Results (19646 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11582 1 Finecms 1 Finecms 2025-04-20 N/A
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
CVE-2017-17595 1 Beauty Parlour Booking Script Project 1 Beauty Parlour Booking Script 2025-04-20 N/A
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17638 1 Groupon Clone Script Project 1 Groupon Clone Script 2025-04-20 N/A
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
CVE-2017-17618 1 Kickstarter Clone Script Project 1 Kickstarter Clone Script 2025-04-20 N/A
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-17613 1 Freelance Website Script Project 1 Freelance Website Script 2025-04-20 N/A
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17592 1 Website Auction Marketplace Project 1 Website Auction Marketplace 2025-04-20 N/A
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-11475 1 Glpi-project 1 Glpi 2025-04-20 N/A
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
CVE-2017-1002027 1 Rayanehdownload 1 Rk-responsive-contact-form 2025-04-20 N/A
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
CVE-2017-1002010 1 Ontraport 1 Membership Simplified 2025-04-20 N/A
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
CVE-2017-1002005 1 Dtracker Project 1 Dtracker 2025-04-20 N/A
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
CVE-2017-1002004 1 Dtracker Project 1 Dtracker 2025-04-20 N/A
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
CVE-2017-12679 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-1000004 1 Atutor 1 Atutor 2025-04-20 N/A
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
CVE-2017-14125 1 Wpdevart 1 Responsive Image Gallery Gallery Album 2025-04-20 N/A
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
CVE-2016-9019 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
CVE-2016-9020 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2016-9994 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 N/A
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.
CVE-2016-9087 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVE-2017-14600 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
CVE-2017-5345 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.