Export limit exceeded: 363654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-3835 1 Cisco 1 Identity Services Engine Software 2025-04-20 N/A
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
CVE-2017-9418 1 Goldplugins 1 Testimonials Plugin Easy Testimonials 2025-04-20 N/A
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
CVE-2017-5218 1 Sagecrm 1 Sagecrm 2025-04-20 N/A
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept.
CVE-2017-5519 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-5527 1 Tibco 2 Spotfire Analytics Platform For Aws, Spotfire Server 2025-04-20 N/A
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
CVE-2017-7581 1 News System Project 1 News System 2025-04-20 N/A
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVE-2017-7628 1 Smart Related Articles Project 1 Smart Related Articles 2025-04-20 N/A
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
CVE-2017-7681 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2017-6550 1 Kinsey 1 Infor-lawson 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
CVE-2017-6570 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
CVE-2017-6571 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
CVE-2017-6572 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
CVE-2017-6573 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
CVE-2014-8621 1 Store Locator Project 1 Store Locator 2025-04-20 N/A
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
CVE-2015-0780 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0782 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2798 1 Web-dorado 1 Contact Form Maker 2025-04-20 N/A
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2015-4073 1 Helpdesk Pro Project 1 Helpdesk Pro 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
CVE-2015-5376 1 Gsi-office 1 Winpat Portal 2025-04-20 N/A
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2015-7390 1 Testlink 1 Testlink 2025-04-20 N/A
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.