Search Results (19635 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7783 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2017-17583 1 Shutterstock Clone Project 1 Shutterstock Clone 2025-04-20 9.8 Critical
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-16896 1 Tt-rss 1 Tiny Tiny Rss 2025-04-20 N/A
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
CVE-2016-2566 1 Samsung 2 Galaxy S6, Galaxy S6 Firmware 2025-04-20 N/A
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
CVE-2017-6095 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVE-2017-17586 1 Olx Clone Project 1 Olx Clone 2025-04-20 9.8 Critical
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2016-4337 1 Ktools 1 Photostore 2025-04-20 N/A
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
CVE-2016-4338 1 Zabbix 1 Zabbix 2025-04-20 N/A
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
CVE-2017-1002026 1 Eventespresso 1 Event Espresso 2025-04-20 N/A
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
CVE-2017-17829 1 Doditsolutions 1 Bus Booking Script 2025-04-20 N/A
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
CVE-2016-6233 2 Fedoraproject, Zend 2 Fedora, Zend Framework 2025-04-20 N/A
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
CVE-2017-1002021 1 Surveys Project 1 Surveys 2025-04-20 N/A
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
CVE-2017-17620 1 Lawyer Search Script Project 1 Lawyer Search Script 2025-04-20 N/A
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2016-9728 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543.
CVE-2017-17895 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
CVE-2015-5052 1 Sefrengo 1 Sefrengo 2025-04-20 N/A
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
CVE-2017-1002014 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
CVE-2017-17614 1 Hotel Restaurant Reviews And Feedback Script Project 1 Hotel Restaurant Reviews And Feedback Script 2025-04-20 N/A
Food Order Script 1.0 has SQL Injection via the /list city parameter.
CVE-2016-9333 1 Moxa 1 Softcms 2025-04-20 N/A
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).
CVE-2015-4627 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
SQL injection vulnerability in Pragyan CMS 3.0.