Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 14188 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15980 1 Rowindex 1 Us Zip Codes Database Script 2017-11-17 7.5 HIGH 9.8 CRITICAL
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CVE-2017-15976 1 Zeescripts 1 Zeebuddy 2017-11-17 7.5 HIGH 9.8 CRITICAL
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CVE-2017-15975 1 Vastal 1 Dating Zone 2017-11-17 7.5 HIGH 9.8 CRITICAL
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15960 1 Yourarticlesdirectory 1 Article Directory Script 2017-11-17 7.5 HIGH 9.8 CRITICAL
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVE-2017-15964 1 Nicephpscripts 1 Job Board Script 2017-11-17 7.5 HIGH 9.8 CRITICAL
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15961 1 Iproject Management System Project 1 Iproject Management System 2017-11-17 7.5 HIGH 9.8 CRITICAL
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-15958 1 Domainzaar 1 D-park Pro 2017-11-17 7.5 HIGH 9.8 CRITICAL
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2017-15989 1 Online Exam Test Application Project 1 Online Exam Test Application 2017-11-17 7.5 HIGH 9.8 CRITICAL
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
CVE-2017-15978 1 Arox 1 School Erp Php Script 2017-11-17 7.5 HIGH 9.8 CRITICAL
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2017-15977 1 Protectedlinks 1 Expiring Download Links 2017-11-17 7.5 HIGH 9.8 CRITICAL
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2017-15992 1 Website Broker Script Project 1 Website Broker Script 2017-11-17 7.5 HIGH 9.8 CRITICAL
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVE-2017-15993 1 Zomato Clone Script Project 1 Zomato Clone Script 2017-11-17 7.5 HIGH 9.8 CRITICAL
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2017-15967 1 Mailing-manager 1 Mailing List Manager Pro 2017-11-17 7.5 HIGH 9.8 CRITICAL
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15966 1 Zh Yandexmap Project 1 Zh Yandexmap 2017-11-17 7.5 HIGH 9.8 CRITICAL
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2017-15965 1 Nswd 1 Ns Download Shop 2017-11-17 7.5 HIGH 9.8 CRITICAL
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-15968 1 Contractorscripts 1 Mybuildersite 2017-11-16 7.5 HIGH 9.8 CRITICAL
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-15969 1 Pilotgroup 1 Allsharevideo 2017-11-16 7.5 HIGH 9.8 CRITICAL
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVE-2017-15970 1 Phpcityportal 1 Phpcityportal 2017-11-16 7.5 HIGH 9.8 CRITICAL
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2008-3604 1 Zeescripts 1 Zeebuddy 2017-11-16 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
CVE-2017-15963 1 Itechscripts 1 Gigs Script 2017-11-16 7.5 HIGH 9.8 CRITICAL
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.