Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9402 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-2555 1 Atutor 1 Atutor 2025-04-20 N/A
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVE-2016-6233 2 Fedoraproject, Zend 2 Fedora, Zend Framework 2025-04-20 N/A
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
CVE-2017-6089 1 Phpcollab 1 Phpcollab 2025-04-20 N/A
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
CVE-2016-5742 1 Sixapart 2 Movable Type, Movable Type Open Source 2025-04-20 N/A
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-13137 1 Formcrafts 1 Formcraft 2025-04-20 9.8 Critical
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
CVE-2017-11184 1 Glpi-project 1 Glpi 2025-04-20 N/A
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
CVE-2017-9418 1 Goldplugins 1 Testimonials Plugin Easy Testimonials 2025-04-20 N/A
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
CVE-2017-9435 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
CVE-2016-3694 1 Modified 1 Ecommerce Shopsoftware 2025-04-20 N/A
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.
CVE-2017-14356 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2025-04-20 N/A
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
CVE-2017-1002009 1 Ontraport 1 Membership Simplified 2025-04-20 N/A
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
CVE-2017-1311 1 Ibm 1 Insights Foundation For Energy 2025-04-20 N/A
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
CVE-2017-1002012 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
CVE-2017-1002014 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 N/A
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
CVE-2017-15974 1 Datacomponents 1 Tpanel 2025-04-20 N/A
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-17950 1 Cells 1 Blog 2025-04-20 N/A
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
CVE-2017-17897 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2016-10379 1 Virtuemart 1 Virtuemart 2025-04-20 N/A
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
CVE-2017-17591 1 Realestate Crowdfunding Script Project 1 Realestate Crowdfunding Script 2025-04-20 N/A
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.