Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17638 1 Groupon Clone Script Project 1 Groupon Clone Script 2025-04-20 N/A
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
CVE-2017-5611 3 Debian, Oracle, Wordpress 3 Debian Linux, Data Integrator, Wordpress 2025-04-20 9.8 Critical
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
CVE-2017-17636 1 Mlm Forced Matrix Project 1 Mlm Forced Matrix 2025-04-20 N/A
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
CVE-2017-17632 1 Responsive Events And Movie Ticket Booking Script Project 1 Responsive Events And Movie Ticket Booking Script 2025-04-20 N/A
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
CVE-2016-4338 1 Zabbix 1 Zabbix 2025-04-20 N/A
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
CVE-2017-3886 1 Cisco 1 Unified Communications Manager 2025-04-20 N/A
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).
CVE-2017-17631 1 Multireligion Responsive Matrimonial Project 1 Multireligion Responsive Matrimonial 2025-04-20 N/A
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-17630 1 Yoga Class Script Project 1 Yoga Class Script 2025-04-20 N/A
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-8377 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
CVE-2017-9603 1 Intensewp 1 Wp Jobs 2025-04-20 N/A
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
CVE-2017-17628 1 Responsive Realestate Script Project 1 Responsive Realestate Script 2025-04-20 N/A
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
CVE-2017-6668 1 Cisco 1 Unified Communications Domain Manager 2025-04-20 N/A
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.
CVE-2017-6013 1 Intelliants 1 Subrion Cms 2025-04-20 N/A
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
CVE-2017-17626 1 Readymade Php Classified Script Project 1 Readymade Php Classified Script 2025-04-20 N/A
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
CVE-2016-4861 2 Fedoraproject, Zend 2 Fedora, Zend Framework 2025-04-20 N/A
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
CVE-2017-16896 1 Tt-rss 1 Tiny Tiny Rss 2025-04-20 N/A
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
CVE-2017-16850 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
CVE-2017-1269 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744
CVE-2017-16849 1 Zohocorp 1 Manageengine Applications Manager 2025-04-20 N/A
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
CVE-2012-2576 1 Solarwinds 3 Backup Profiler, Storage Manager, Storage Profiler 2025-04-20 N/A
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.