Search Results (19646 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1002028 1 Angrybyte 1 Gallery-transformation 2025-04-20 N/A
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
CVE-2017-1002022 1 Surveys Project 1 Surveys 2025-04-20 N/A
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
CVE-2017-1002020 1 Surveys Project 1 Surveys 2025-04-20 N/A
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
CVE-2017-1002019 1 Eventr Project 1 Eventr 2025-04-20 N/A
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
CVE-2017-1002018 1 Eventr Project 1 Eventr 2025-04-20 N/A
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
CVE-2017-1002015 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
CVE-2017-1002009 1 Ontraport 1 Membership Simplified 2025-04-20 N/A
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
CVE-2015-8974 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-8341 1 Ecava 1 Integraxor 2025-04-20 N/A
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
CVE-2016-9994 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 N/A
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.
CVE-2015-7564 1 Teampass 1 Teampass 2025-04-20 N/A
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CVE-2017-17574 1 Care Clone Project 1 Care Clone 2025-04-20 9.8 Critical
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2016-9087 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVE-2017-14758 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
CVE-2017-17567 1 Scubez 1 Posty Readymade Classifieds 2025-04-20 N/A
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
CVE-2017-14760 1 Eventespresso 1 Event Espresso Lite 2025-04-20 N/A
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
CVE-2017-17586 1 Olx Clone Project 1 Olx Clone 2025-04-20 9.8 Critical
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-5611 3 Debian, Oracle, Wordpress 3 Debian Linux, Data Integrator, Wordpress 2025-04-20 9.8 Critical
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
CVE-2015-4724 1 Concretecms 1 Concrete Cms 2025-04-20 N/A
SQL injection vulnerability in Concrete5 5.7.3.1.
CVE-2017-17588 1 Imdb Clone Project 1 Imdb Clone 2025-04-20 9.8 Critical
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.