Export limit exceeded: 19542 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19542 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15579 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | N/A |
| In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | ||||
| CVE-2017-6096 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | N/A |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list. | ||||
| CVE-2017-11418 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | ||||
| CVE-2015-9234 | 1 Cfpaypal | 1 Cp Contact Form With Paypal | 2025-04-20 | N/A |
| The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | ||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | ||||
| CVE-2017-1002019 | 1 Eventr Project | 1 Eventr | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | ||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | N/A |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | ||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | N/A |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | ||||
| CVE-2017-6065 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | ||||
| CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2025-04-20 | N/A |
| SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | ||||
| CVE-2017-11582 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | ||||
| CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2025-04-20 | N/A |
| SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-11583 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | ||||
| CVE-2017-11584 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | ||||
| CVE-2017-11736 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | ||||
| CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | ||||
| CVE-2017-17111 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | N/A |
| Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | ||||
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | ||||
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2025-04-20 | N/A |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | ||||
| CVE-2017-1175 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. | ||||