Total
14501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2025-04-20 | N/A |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | ||||
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | ||||
| CVE-2017-17102 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | ||||
| CVE-2017-17103 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | ||||
| CVE-2017-17110 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | N/A |
| Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | ||||
| CVE-2017-17111 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | N/A |
| Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | ||||
| CVE-2017-17572 | 1 Amazon Clone Project | 1 Amazon Clone | 2025-04-20 | 9.8 Critical |
| FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | ||||
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2025-04-20 | N/A |
| SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | ||||
| CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2025-04-20 | N/A |
| The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | ||||
| CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | ||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2025-04-20 | N/A |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | ||||
| CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2025-04-20 | N/A |
| Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | ||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2025-04-20 | N/A |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | ||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2025-04-20 | N/A |
| iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | ||||
| CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2025-04-20 | N/A |
| iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | ||||
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2025-04-20 | N/A |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | ||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2025-04-20 | N/A |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | ||||
| CVE-2017-15966 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2025-04-20 | N/A |
| The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. | ||||
| CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2025-04-20 | N/A |
| MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | ||||
| CVE-2017-15969 | 1 Pilotgroup | 1 Allsharevideo | 2025-04-20 | N/A |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. | ||||