Export limit exceeded: 19727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16893 1 Piwigo 1 Piwigo 2025-04-20 N/A
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.
CVE-2017-9443 1 Bigtreecms 1 Bigtree Cms 2025-04-20 8.8 High
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.
CVE-2017-7878 1 Flatcore 1 Flatcore-cms 2025-04-20 N/A
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
CVE-2017-7879 1 Flatcore 1 Flatcore-cms 2025-04-20 N/A
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
CVE-2017-17611 1 Doctor Search Script Project 1 Doctor Search Script 2025-04-20 N/A
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-7581 1 News System Project 1 News System 2025-04-20 N/A
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVE-2017-7886 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVE-2017-17613 1 Freelance Website Script Project 1 Freelance Website Script 2025-04-20 N/A
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17615 1 Facebook Clone Script Project 1 Facebook Clone Script 2025-04-20 N/A
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
CVE-2017-7681 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2017-17627 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
CVE-2017-17632 1 Responsive Events And Movie Ticket Booking Script Project 1 Responsive Events And Movie Ticket Booking Script 2025-04-20 N/A
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17635 1 Mlm Forex Market Plan Script Project 1 Mlm Forex Market Plan Script 2025-04-20 N/A
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
CVE-2017-7410 1 Websitebaker 1 Websitebaker 2025-04-20 9.8 Critical
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVE-2017-17640 1 Advanced World Database Project 1 Advanced World Database 2025-04-20 N/A
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
CVE-2017-5347 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php.
CVE-2017-17643 1 Lynda Clone Project 1 Lynda Clone 2025-04-20 9.8 Critical
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVE-2017-17645 1 Phpautoclassifiedscript 1 Bus Booking Script 2025-04-20 N/A
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVE-2017-5346 1 Genixcms 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
CVE-2017-6550 1 Kinsey 1 Infor-lawson 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.