Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19729 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15961 1 Iproject Management System Project 1 Iproject Management System 2025-04-20 N/A
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-17906 1 Car Rental Script Project 1 Car Rental Script 2025-04-20 N/A
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
CVE-2017-17900 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
CVE-2017-17895 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
CVE-2017-17892 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.
CVE-2017-17875 1 Jextn 1 Jextn Faq Pro 2025-04-20 N/A
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-2133 1 Panasonic 2 Kx-hjb1000, Kx-hjb1000 Firmware 2025-04-20 N/A
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17871 1 Jextn 1 Jextn Question And Answer 2025-04-20 N/A
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
CVE-2017-17872 1 Jextn 1 Jextn Video Gallery 2025-04-20 N/A
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17824 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17823 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-11385 1 Trendmicro 1 Control Manager 2025-04-20 N/A
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.
CVE-2017-17822 1 Piwigo 1 Piwigo 2025-04-20 N/A
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17779 1 Paid To Read Script Project 1 Paid To Read Script 2025-04-20 N/A
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.
CVE-2017-17873 1 Vanguard Project 1 Marketplace Digital Products Php 2025-04-20 N/A
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17111 1 Scubez 1 Posty Readymade Classifieds 2025-04-20 N/A
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17103 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
CVE-2017-16961 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
CVE-2017-16955 1 Inlinks Project 1 Inlinks 2025-04-20 N/A
SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.
CVE-2017-11386 1 Trendmicro 1 Control Manager 2025-04-20 N/A
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.