Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6571 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
CVE-2017-17637 1 Car Rental Script Project 1 Car Rental Script 2025-04-20 N/A
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
CVE-2017-6754 1 Cisco 1 Smart Net Total Care Collector Appliance 2025-04-20 N/A
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617.
CVE-2017-17634 1 Single Theater Booking Script Project 1 Single Theater Booking Script 2025-04-20 N/A
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2017-17618 1 Kickstarter Clone Script Project 1 Kickstarter Clone Script 2025-04-20 N/A
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
CVE-2017-9730 1 Dfsol 1 Nuevomailer 2025-04-20 9.8 Critical
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
CVE-2017-17617 1 Foodspotting Clone Script Project 1 Foodspotting Clone Script 2025-04-20 N/A
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
CVE-2017-9759 1 Zenbership 1 Zenbership 2025-04-20 N/A
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.
CVE-2017-17616 1 Event Calendar Category Script Project 1 Event Calendar Category Script 2025-04-20 N/A
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
CVE-2017-17580 1 Linkedin Clone Project 1 Linkedin Clone 2025-04-20 9.8 Critical
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17585 1 Monster Clone Project 1 Monster Clone 2025-04-20 9.8 Critical
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584 1 Makemytrip Clone Project 1 Makemytrip Clone 2025-04-20 9.8 Critical
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-1000067 1 Modx 1 Revolution 2025-04-20 N/A
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
CVE-2015-4073 1 Helpdesk Pro Project 1 Helpdesk Pro 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
CVE-2015-5052 1 Sefrengo 1 Sefrengo 2025-04-20 N/A
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
CVE-2017-17824 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-8835 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVE-2017-17575 1 Groupon Clone Project 1 Groupon Clone 2025-04-20 9.8 Critical
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-11329 1 Glpi-project 1 Glpi 2025-04-20 N/A
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers.
CVE-2017-9427 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true.