Export limit exceeded: 19728 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19728 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8356 | 1 Bitrix Project | 1 Bitrix | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | ||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | N/A |
| SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | ||||
| CVE-2015-7568 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | ||||
| CVE-2015-6028 | 1 Castlerock | 1 Snmpc | 2025-04-20 | 8.8 High |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | ||||
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | ||||
| CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | ||||
| CVE-2017-15991 | 1 Vastal | 1 Agent Zone | 2025-04-20 | N/A |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. | ||||
| CVE-2017-11161 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | ||||
| CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | N/A |
| Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | ||||
| CVE-2017-5574 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | ||||
| CVE-2014-2023 | 1 Tapatalk | 1 Tapatalk | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. | ||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | ||||
| CVE-2017-6492 | 1 Admidio | 1 Admidio | 2025-04-20 | N/A |
| SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | ||||
| CVE-2017-9834 | 1 Calendarscripts | 1 Watupro | 2025-04-20 | N/A |
| SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. | ||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2025-04-20 | N/A |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | ||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2025-04-20 | N/A |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | ||||
| CVE-2017-7290 | 1 Xoops | 1 Xoops | 2025-04-20 | N/A |
| SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program. | ||||
| CVE-2017-5663 | 1 Apache | 1 Fineract | 2025-04-20 | N/A |
| In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | ||||