Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-13068 1 Qnap 1 Qts Helpdesk 2025-04-20 N/A
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVE-2017-1311 1 Ibm 1 Insights Foundation For Energy 2025-04-20 N/A
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
CVE-2017-13137 1 Formcrafts 1 Formcraft 2025-04-20 9.8 Critical
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
CVE-2017-14076 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
CVE-2017-14069 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
CVE-2017-14078 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14125 1 Wpdevart 1 Responsive Image Gallery Gallery Album 2025-04-20 N/A
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
CVE-2017-14145 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
CVE-2017-14512 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
CVE-2017-14600 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
CVE-2017-14601 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
CVE-2017-14703 1 Cashbackcomparisonscript 1 Cash Back Comparison 2025-04-20 N/A
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
CVE-2017-15081 1 Phpsugar 1 Php Melody 2025-04-20 N/A
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2017-16510 1 Wordpress 1 Wordpress 2025-04-20 N/A
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
CVE-2017-16542 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
CVE-2017-16543 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
CVE-2017-16561 1 Ingenious School Management System Project 1 Ingenious School Management System 2025-04-20 N/A
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.
CVE-2017-17572 1 Amazon Clone Project 1 Amazon Clone 2025-04-20 9.8 Critical
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17822 1 Piwigo 1 Piwigo 2025-04-20 N/A
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17823 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.