Total
14500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17642 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | N/A |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | ||||
| CVE-2017-17643 | 1 Lynda Clone Project | 1 Lynda Clone | 2025-04-20 | 9.8 Critical |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | ||||
| CVE-2017-17645 | 1 Phpautoclassifiedscript | 1 Bus Booking Script | 2025-04-20 | N/A |
| Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | ||||
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2025-04-20 | N/A |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | ||||
| CVE-2017-17651 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | N/A |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | ||||
| CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | N/A |
| Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | ||||
| CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2025-04-20 | N/A |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | ||||
| CVE-2017-17779 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | N/A |
| Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | ||||
| CVE-2017-17870 | 1 Jbuildozer | 1 Jbuildozer | 2025-04-20 | N/A |
| The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | ||||
| CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | ||||
| CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | ||||
| CVE-2017-17829 | 1 Doditsolutions | 1 Bus Booking Script | 2025-04-20 | N/A |
| Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | ||||
| CVE-2017-16846 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | ||||
| CVE-2017-16847 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | ||||
| CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | ||||
| CVE-2017-16849 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | ||||
| CVE-2017-16850 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-04-20 | N/A |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | ||||
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2025-04-20 | N/A |
| A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | ||||
| CVE-2017-16955 | 1 Inlinks Project | 1 Inlinks | 2025-04-20 | N/A |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | ||||
| CVE-2017-16961 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. | ||||