Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15985 1 Readymadeb2bscript 1 Basic B2b Script 2025-04-20 N/A
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CVE-2017-15984 1 Bekirk 1 Creative Management System Lite 2025-04-20 N/A
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
CVE-2017-15983 1 Geniusocean 1 Mymagazine Magazine \& Blog Cms 2025-04-20 N/A
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-7973 1 Schneider-electric 1 U.motion Builder 2025-04-20 N/A
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
CVE-2017-15982 1 Geniusocean 1 News 2025-04-20 9.8 Critical
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15977 1 Protectedlinks 1 Expiring Download Links 2025-04-20 N/A
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2017-15976 1 Zeescripts 1 Zeebuddy 2025-04-20 N/A
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CVE-2017-7991 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVE-2017-15975 1 Vastal 1 Dating Zone 2025-04-20 N/A
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15973 1 Sokial 1 Sokial 2025-04-20 N/A
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVE-2017-15972 1 Softdatepro 1 Dating Software 2025-04-20 N/A
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CVE-2017-15967 1 Mailing-manager 1 Mailing List Manager Pro 2025-04-20 N/A
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15966 1 Zh Yandexmap Project 1 Zh Yandexmap 2025-04-20 N/A
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2017-8789 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
CVE-2017-15965 1 Nswd 1 Ns Download Shop 2025-04-20 N/A
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-17906 1 Car Rental Script Project 1 Car Rental Script 2025-04-20 N/A
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
CVE-2017-17899 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2017-15964 1 Nicephpscripts 1 Job Board Script 2025-04-20 N/A
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15958 1 Domainzaar 1 D-park Pro 2025-04-20 N/A
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2017-15969 1 Pilotgroup 1 Allsharevideo 2025-04-20 N/A
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.