Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15975 1 Vastal 1 Dating Zone 2025-04-20 N/A
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15973 1 Sokial 1 Sokial 2025-04-20 N/A
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVE-2017-15972 1 Softdatepro 1 Dating Software 2025-04-20 N/A
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CVE-2017-15967 1 Mailing-manager 1 Mailing List Manager Pro 2025-04-20 N/A
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-2120 1 Wbce 1 Wbce Cms 2025-04-20 N/A
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-14842 1 Dasinfomedia 1 Smsmaster Multipurpose Sms Gateway 2025-04-20 N/A
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
CVE-2017-15966 1 Zh Yandexmap Project 1 Zh Yandexmap 2025-04-20 N/A
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2014-4914 2 Debian, Zend 2 Debian Linux, Zend Framework 2025-04-20 N/A
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2017-15965 1 Nswd 1 Ns Download Shop 2025-04-20 N/A
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-9848 1 Easysitecms 1 Easysite 2025-04-20 N/A
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element.
CVE-2017-15964 1 Nicephpscripts 1 Job Board Script 2025-04-20 N/A
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15958 1 Domainzaar 1 D-park Pro 2025-04-20 N/A
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2015-5376 1 Gsi-office 1 Winpat Portal 2025-04-20 N/A
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2017-14403 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
CVE-2017-14402 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
CVE-2017-14345 1 Blog Project 1 Blog 2025-04-20 N/A
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
CVE-2017-11736 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
CVE-2017-15933 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
CVE-2017-15959 1 Adultscriptpro 1 Adultscriptpro 2025-04-20 N/A
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVE-2017-15960 1 Yourarticlesdirectory 1 Article Directory Script 2025-04-20 N/A
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.