Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17875 1 Jextn 1 Jextn Faq Pro 2025-04-20 N/A
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17731 1 Dedecms 1 Dedecms 2025-04-20 N/A
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
CVE-2015-4592 1 Eclinicalworks 1 Population Health 2025-04-20 N/A
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
CVE-2017-14843 1 Dasinfomedia 1 School Management System 2025-04-20 N/A
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-17621 1 Multivendor Penny Auction Clone Script Project 1 Multivendor Penny Auction Clone Script 2025-04-20 N/A
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-9443 1 Bigtreecms 1 Bigtree Cms 2025-04-20 8.8 High
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.
CVE-2017-15907 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
CVE-2017-15919 1 Accesspressthemes 1 Ultimate-form-builder-lite 2025-04-20 N/A
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
CVE-2017-14507 1 Shindiristudio 1 Content Timeline 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
CVE-2016-10378 1 E107 1 E107 2025-04-20 N/A
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
CVE-2017-17619 1 Laundry Booking Script Project 1 Laundry Booking Script 2025-04-20 N/A
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17613 1 Freelance Website Script Project 1 Freelance Website Script 2025-04-20 N/A
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17713 1 Boxug 1 Trape 2025-04-20 N/A
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.
CVE-2017-14703 1 Cashbackcomparisonscript 1 Cash Back Comparison 2025-04-20 N/A
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
CVE-2017-1002021 1 Surveys Project 1 Surveys 2025-04-20 N/A
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
CVE-2017-6088 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVE-2017-5570 1 Eclinicalworks 1 Patient Portal 2025-04-20 N/A
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
CVE-2017-5598 1 Eclinicalworks 1 Patient Portal 2025-04-20 N/A
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer.
CVE-2015-3313 1 Community Events Project 1 Community Events 2025-04-20 N/A
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
CVE-2017-5154 1 Advantech 1 Webaccess 2025-04-20 N/A
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.