Search Results (19635 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17621 1 Multivendor Penny Auction Clone Script Project 1 Multivendor Penny Auction Clone Script 2025-04-20 N/A
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-17642 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
CVE-2017-17599 1 Advance Online Learning Management Script Project 1 Advance Online Learning Management Script 2025-04-20 N/A
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17588 1 Imdb Clone Project 1 Imdb Clone 2025-04-20 9.8 Critical
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2016-2034 1 Arubanetworks 1 Clearpass 2025-04-20 N/A
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
CVE-2015-5533 1 Count Per Day Project 1 Count Per Day 2025-04-20 N/A
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2017-14145 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
CVE-2017-14600 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
CVE-2017-16961 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
CVE-2017-16542 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
CVE-2017-16733 1 Ecava 1 Integraxor 2025-04-20 N/A
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
CVE-2015-4592 1 Eclinicalworks 1 Population Health 2025-04-20 N/A
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
CVE-2017-6570 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
CVE-2015-9226 1 Alegrocart 1 Alegrocart 2025-04-20 N/A
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.
CVE-2017-17824 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-1002023 1 Daisythemes 1 Easy Team Manager 2025-04-20 N/A
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
CVE-2015-7569 1 Yeager 1 Yeager Cms 2025-04-20 N/A
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
CVE-2017-17626 1 Readymade Php Classified Script Project 1 Readymade Php Classified Script 2025-04-20 N/A
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2016-8027 1 Mcafee 1 Epolicy Orchestrator 2025-04-20 N/A
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
CVE-2017-17895 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.