Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | |||||
CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | |||||
CVE-2017-15973 | 1 Sokial | 1 Sokial | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. | |||||
CVE-2017-15972 | 1 Softdatepro | 1 Dating Software | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. | |||||
CVE-2013-0140 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-11-16 | 7.9 HIGH | N/A |
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. | |||||
CVE-2012-4570 | 1 Letodms Project | 1 Letodms | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-2023 | 1 Tapatalk | 1 Tapatalk | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. | |||||
CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | |||||
CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | |||||
CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2017-11-14 | 6.5 MEDIUM | 7.2 HIGH |
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | |||||
CVE-2017-15081 | 1 Phpsugar | 1 Php Melody | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | |||||
CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | |||||
CVE-2017-14723 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 7.5 HIGH | 9.8 CRITICAL |
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | |||||
CVE-2017-15578 | 1 Phpsugar | 1 Php Melody | 2017-11-08 | 6.0 MEDIUM | 8.8 HIGH |
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||||
CVE-2017-15579 | 1 Phpsugar | 1 Php Melody | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | |||||
CVE-2017-15539 | 1 Zorovavi/blog Project | 1 Zorovavi/blog | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | |||||
CVE-2014-9095 | 1 Raritan | 1 Power Iq | 2017-11-08 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | |||||
CVE-2017-6050 | 1 Ecava | 1 Integraxor | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. | |||||
CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | |||||
CVE-2017-2133 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2017-11-07 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |