Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8930 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 6.5 MEDIUM | 7.6 HIGH |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2016-9416 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-9402 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 10.0 CRITICAL |
| SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2017-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | |||||
| CVE-2017-5517 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||
| CVE-2017-5519 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2017-5347 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | |||||
| CVE-2017-5345 | 1 Metalgenix | 1 Genixcms | 2017-01-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | |||||
| CVE-2016-0769 | 1 Elfden | 1 Eshop Plugin | 2017-01-26 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | |||||
| CVE-2017-5575 | 1 Metalgenix | 1 Genixcms | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | |||||
| CVE-2017-5574 | 1 Metalgenix | 1 Genixcms | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | |||||
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
| CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2017-01-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | |||||
| CVE-2016-10114 | 1 Awebsupport | 1 Aweb Cart Watching System For Virtuemart | 2017-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch. | |||||
| CVE-2015-0699 | 1 Cisco | 1 Unified Communications Domain Manager | 2017-01-06 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | |||||
| CVE-2016-1000117 | 1 Huge-it | 1 Slideshow | 2017-01-06 | 6.5 MEDIUM | 7.2 HIGH |
| XSS & SQLi in HugeIT slideshow v1.0.4 | |||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2017-01-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
| CVE-2014-9089 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2017-01-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. | |||||
| CVE-2015-1889 | 1 Ibm | 1 Infosphere Biginsights | 2017-01-03 | 6.5 MEDIUM | N/A |
| The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure. | |||||