Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8621 1 Store Locator Project 1 Store Locator 2025-04-20 N/A
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
CVE-2017-6195 1 Ipswitch 2 Moveit Dmz, Moveit Transfer 2017 2025-04-20 N/A
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.
CVE-2016-10509 1 Opencart 1 Opencart 2025-04-20 N/A
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
CVE-2016-2034 1 Arubanetworks 1 Clearpass 2025-04-20 N/A
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
CVE-2016-7400 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
CVE-2016-7788 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2016-8025 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
CVE-2016-8341 1 Ecava 1 Integraxor 2025-04-20 N/A
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
CVE-2017-13068 1 Qnap 1 Qts Helpdesk 2025-04-20 N/A
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVE-2017-1347 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
CVE-2017-1356 1 Ibm 1 Atlas Ediscovery Process Management 2025-04-20 N/A
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
CVE-2017-13669 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVE-2017-17624 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17573 1 Fortunescripts 1 Ebay Clone 2025-04-20 N/A
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17581 1 Quibids Clone Project 1 Quibids Clone 2025-04-20 9.8 Critical
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17587 1 Indiamart Clone Project 1 Indiamart Clone 2025-04-20 9.8 Critical
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17608 1 Kindergarten - Elementary School Listing Script Project 1 Kindergarten - Elementary School Listing Script 2025-04-20 N/A
Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17721 1 Zuuse 1 Beims Contractorweb .net 2025-04-20 N/A
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
CVE-2017-17823 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17871 1 Jextn 1 Jextn Question And Answer 2025-04-20 N/A
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.