Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4592 1 Eclinicalworks 1 Population Health 2025-04-20 N/A
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
CVE-2017-6088 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVE-2017-12930 1 Tecnovision 1 Dlx Spot Player4 2025-04-20 N/A
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
CVE-2017-12946 1 Easymodal Project 1 Easy Modal 2025-04-20 N/A
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
CVE-2017-12981 1 Nexusphp 1 Nexusphp 2025-04-20 N/A
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
CVE-2017-13068 1 Qnap 1 Qts Helpdesk 2025-04-20 N/A
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVE-2017-1606 1 Ibm 1 Financial Transaction Manager 2025-04-20 N/A
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
CVE-2017-16851 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
CVE-2017-16893 1 Piwigo 1 Piwigo 2025-04-20 N/A
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.
CVE-2017-17624 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-5570 1 Eclinicalworks 1 Patient Portal 2025-04-20 N/A
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
CVE-2017-5598 1 Eclinicalworks 1 Patient Portal 2025-04-20 N/A
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer.
CVE-2017-17573 1 Fortunescripts 1 Ebay Clone 2025-04-20 N/A
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17581 1 Quibids Clone Project 1 Quibids Clone 2025-04-20 9.8 Critical
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17587 1 Indiamart Clone Project 1 Indiamart Clone 2025-04-20 9.8 Critical
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17608 1 Kindergarten - Elementary School Listing Script Project 1 Kindergarten - Elementary School Listing Script 2025-04-20 N/A
Child Care Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17721 1 Zuuse 1 Beims Contractorweb .net 2025-04-20 N/A
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
CVE-2017-17823 1 Piwigo 1 Piwigo 2025-04-20 N/A
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.
CVE-2017-17871 1 Jextn 1 Jextn Question And Answer 2025-04-20 N/A
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
CVE-2017-17931 1 Resume Clone Script Project 1 Resume Clone Script 2025-04-20 N/A
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.