Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7782 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |||||
| CVE-2016-7783 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2016-7780 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2015-1000003 | 1 Filedownload Project | 1 Filedownload | 2017-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Blind SQL Injection in filedownload v1.4 wordpress plugin | |||||
| CVE-2017-6492 | 1 Admidio | 1 Admidio | 2017-03-25 | 9.0 HIGH | 7.2 HIGH |
| SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | |||||
| CVE-2017-3899 | 1 Mcafee | 1 Advanced Threat Defense | 2017-03-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
| CVE-2017-6550 | 1 Kinsey | 1 Infor-lawson | 2017-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | |||||
| CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. | |||||
| CVE-2016-10204 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | |||||
| CVE-2017-5218 | 1 Sagecrm | 1 Sagecrm | 2017-03-02 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept. | |||||
| CVE-2016-9994 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-03-01 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. | |||||
| CVE-2016-9993 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-03-01 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||
| CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-03-01 | 6.5 MEDIUM | 7.1 HIGH |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | |||||
| CVE-2016-8341 | 1 Ecava | 1 Integraxor | 2017-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. | |||||
| CVE-2016-3694 | 1 Modified | 1 Ecommerce Shopsoftware | 2017-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. | |||||
| CVE-2017-6065 | 1 Metalgenix | 1 Genixcms | 2017-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2016-5952 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2017-5879 | 1 Exponentcms | 1 Exponent Cms | 2017-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. | |||||
| CVE-2016-8928 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 6.5 MEDIUM | 7.6 HIGH |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2016-8929 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||