Search Results (19729 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11416 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
CVE-2017-11415 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].
CVE-2017-11413 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].
CVE-2015-7877 1 User Dashboard Project 1 User Dashboard 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-15539 1 Zorovavi\/blog Project 1 Zorovavi\/blog 2025-04-20 N/A
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
CVE-2017-14401 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
CVE-2017-8835 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVE-2017-17892 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.
CVE-2017-17895 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
CVE-2017-17900 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
CVE-2017-17906 1 Car Rental Script Project 1 Car Rental Script 2025-04-20 N/A
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
CVE-2017-17959 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
CVE-2016-8341 1 Ecava 1 Integraxor 2025-04-20 N/A
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
CVE-2017-2641 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
CVE-2017-6572 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
CVE-2017-3899 1 Mcafee 1 Advanced Threat Defense 2025-04-20 N/A
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
CVE-2017-17829 1 Doditsolutions 1 Bus Booking Script 2025-04-20 N/A
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
CVE-2015-2798 1 Web-dorado 1 Contact Form Maker 2025-04-20 N/A
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2015-9226 1 Alegrocart 1 Alegrocart 2025-04-20 N/A
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.
CVE-2015-9234 1 Cfpaypal 1 Cp Contact Form With Paypal 2025-04-20 N/A
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.