Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7681 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2017-5519 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-5517 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2017-6572 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
CVE-2017-6573 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
CVE-2017-9463 1 Piwigo 1 Piwigo 2025-04-20 N/A
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application.
CVE-2017-15875 1 Sistemagpweb 1 Gpweb 2025-04-20 N/A
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
CVE-2017-9435 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
CVE-2017-17582 1 Grubhub Clone Project 1 Grubhub Clone 2025-04-20 9.8 Critical
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581 1 Quibids Clone Project 1 Quibids Clone 2025-04-20 9.8 Critical
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-9429 1 Event List Project 1 Event List 2025-04-20 N/A
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
CVE-2017-17580 1 Linkedin Clone Project 1 Linkedin Clone 2025-04-20 9.8 Critical
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579 1 Freelancer Clone Project 1 Freelancer Clone 2025-04-20 9.8 Critical
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17577 1 Trademe Clone Project 1 Trademe Clone 2025-04-20 9.8 Critical
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-9443 1 Bigtreecms 1 Bigtree Cms 2025-04-20 8.8 High
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.
CVE-2017-17576 1 Gigs Script Project 1 Gigs Script 2025-04-20 9.8 Critical
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-9360 1 Websitebaker 1 Websitebaker 2025-04-20 N/A
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVE-2017-8015 1 Emc 1 Appsync 2025-04-20 N/A
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-8002 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
CVE-2017-7991 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.