Search Results (19729 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12650 1 Loginizer 1 Loginizer 2025-04-20 N/A
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
CVE-2017-12679 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-1269 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744
CVE-2017-12710 1 Advantech 1 Webaccess 2025-04-20 N/A
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
CVE-2017-12774 1 Finecms Project 1 Finecms 2025-04-20 N/A
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
CVE-2017-12776 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
CVE-2017-8917 1 Joomla 1 Joomla\! 2025-04-20 N/A
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-4914 2 Debian, Zend 2 Debian Linux, Zend Framework 2025-04-20 N/A
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2017-8015 1 Emc 1 Appsync 2025-04-20 N/A
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-8002 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
CVE-2017-7991 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVE-2017-7952 1 Infor 1 Enterprise Asset Management 2025-04-20 N/A
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
CVE-2017-9436 1 Teampass 1 Teampass 2025-04-20 N/A
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
CVE-2017-6098 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
CVE-2017-6097 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
CVE-2017-6096 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
CVE-2017-6095 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVE-2017-6089 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
CVE-2017-6088 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVE-2017-12908 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.