Export limit exceeded: 19582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11161 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | ||||
| CVE-2017-6050 | 1 Ecava | 1 Integraxor | 2025-04-20 | N/A |
| A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. | ||||
| CVE-2017-1175 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. | ||||
| CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | ||||
| CVE-2017-1002027 | 1 Rayanehdownload | 1 Rk-responsive-contact-form | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | ||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | ||||
| CVE-2017-16543 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | ||||
| CVE-2017-16542 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | ||||
| CVE-2017-1174 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. | ||||
| CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | ||||
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2025-04-20 | N/A |
| SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | ||||
| CVE-2017-1002022 | 1 Surveys Project | 1 Surveys | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | ||||
| CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | ||||
| CVE-2017-17919 | 1 Rubyonrails | 1 Ruby On Rails | 2025-04-20 | 8.1 High |
| SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||
| CVE-2017-14848 | 1 Dasinfomedia | 1 Wphrm Human Resource Management System | 2025-04-20 | 8.8 High |
| WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | ||||
| CVE-2017-17597 | 1 Nearbuy Clone Script Project | 1 Nearbuy Clone Script | 2025-04-20 | N/A |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | ||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2025-04-20 | N/A |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | ||||
| CVE-2017-12199 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2025-04-20 | N/A |
| The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. | ||||
| CVE-2017-12276 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | N/A |
| A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935. | ||||
| CVE-2017-6698 | 1 Cisco | 1 Prime Infrastructure | 2025-04-20 | N/A |
| A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | ||||