Export limit exceeded: 19599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19599 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8377 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | ||||
| CVE-2017-15979 | 1 Odallated | 1 Shareet | 2025-04-20 | N/A |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. | ||||
| CVE-2017-15980 | 1 Rowindex | 1 Us Zip Codes Database Script | 2025-04-20 | N/A |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. | ||||
| CVE-2016-10379 | 1 Virtuemart | 1 Virtuemart | 2025-04-20 | N/A |
| The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | ||||
| CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2025-04-20 | N/A |
| The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | ||||
| CVE-2017-15982 | 1 Geniusocean | 1 News | 2025-04-20 | 9.8 Critical |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | ||||
| CVE-2016-10378 | 1 E107 | 1 E107 | 2025-04-20 | N/A |
| e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | ||||
| CVE-2017-9730 | 1 Dfsol | 1 Nuevomailer | 2025-04-20 | 9.8 Critical |
| SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. | ||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2025-04-20 | N/A |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | ||||
| CVE-2017-16851 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | ||||
| CVE-2015-3934 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. | ||||
| CVE-2015-7517 | 1 Labwebdesigns | 1 Double Opt-in For Download | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | ||||
| CVE-2015-7877 | 1 User Dashboard Project | 1 User Dashboard | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-4468 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-20 | N/A |
| SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-4592 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | ||||
| CVE-2016-2555 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | ||||
| CVE-2015-7346 | 1 Zcms Project | 1 Zcms | 2025-04-20 | N/A |
| SQL injection vulnerability in ZCMS 1.1. | ||||
| CVE-2015-6028 | 1 Castlerock | 1 Snmpc | 2025-04-20 | 8.8 High |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | ||||
| CVE-2015-4669 | 1 Xceedium | 1 Xsuite | 2025-04-20 | N/A |
| The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | ||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2025-04-20 | N/A |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | ||||