Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1002019 | 1 Eventr Project | 1 Eventr | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows blind SQL injection via the event parameter. | |||||
CVE-2017-1002018 | 1 Eventr Project | 1 Eventr | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and attendees.php code do not sanitize input, which allows blind SQL injection via the event parameter. | |||||
CVE-2017-9834 | 1 Calendarscripts | 1 Watupro | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. | |||||
CVE-2017-14242 | 1 Dolibarr | 1 Dolibarr | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
CVE-2017-14238 | 1 Dolibarr | 1 Dolibarr | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | |||||
CVE-2015-9226 | 1 Alegrocart | 1 Alegrocart | 2017-09-18 | 6.5 MEDIUM | 7.2 HIGH |
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | |||||
CVE-2015-6009 | 1 Refbase | 1 Refbase | 2017-09-16 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | |||||
CVE-2015-7858 | 1 Joomla | 1 Joomla! | 2017-09-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
CVE-2015-7857 | 1 Joomla | 1 Joomla! | 2017-09-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | |||||
CVE-2015-7297 | 1 Joomla | 1 Joomla! | 2017-09-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | |||||
CVE-2015-5052 | 1 Sefrengo | 1 Sefrengo | 2017-09-12 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | |||||
CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-12 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Pragyan CMS 3.0. | |||||
CVE-2015-3314 | 1 Tune Library Project | 1 Tune Library | 2017-09-11 | 6.8 MEDIUM | 8.1 HIGH |
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||||
CVE-2015-3313 | 1 Community Events Project | 1 Community Events | 2017-09-11 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in WordPress Community Events plugin before 1.4. | |||||
CVE-2016-1914 | 1 Blackberry | 1 Blackberry Enterprise Service | 2017-09-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. | |||||
CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2017-09-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||||
CVE-2014-9005 | 1 Vld Interactive | 1 Vldpersonals | 2017-09-08 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php. | |||||
CVE-2014-8995 | 1 Maarch | 1 Letterbox | 2017-09-08 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | |||||
CVE-2014-10020 | 1 Tecorange | 1 Simple E-document | 2017-09-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2014-5262 | 1 Cacti | 1 Cacti | 2017-09-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |