Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17871 1 Jextn 1 Jextn Question And Answer 2025-04-20 N/A
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
CVE-2017-14507 1 Shindiristudio 1 Content Timeline 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
CVE-2015-4592 1 Eclinicalworks 1 Population Health 2025-04-20 N/A
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
CVE-2017-14508 1 Sugarcrm 1 Sugarcrm 2025-04-20 N/A
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
CVE-2017-17613 1 Freelance Website Script Project 1 Freelance Website Script 2025-04-20 N/A
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
CVE-2017-17931 1 Resume Clone Script Project 1 Resume Clone Script 2025-04-20 N/A
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.
CVE-2017-15919 1 Accesspressthemes 1 Ultimate-form-builder-lite 2025-04-20 N/A
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
CVE-2015-0782 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-2195 1 Multi Feed Reader Project 1 Multi Feed Reader 2025-04-20 N/A
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0780 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17695 1 Techno - Portfolio Management Panel Project 1 Techno - Portfolio Management Panel 2025-04-20 N/A
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
CVE-2017-17823 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-6088 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVE-2017-7236 1 Netapp 1 Oncommand Unified Manager Core Package 2025-04-20 N/A
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-7886 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVE-2017-17619 1 Laundry Booking Script Project 1 Laundry Booking Script 2025-04-20 N/A
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17621 1 Multivendor Penny Auction Clone Script Project 1 Multivendor Penny Auction Clone Script 2025-04-20 N/A
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
CVE-2017-8002 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
CVE-2017-17608 1 Kindergarten - Elementary School Listing Script Project 1 Kindergarten - Elementary School Listing Script 2025-04-20 N/A
Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-6550 1 Kinsey 1 Infor-lawson 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.