ReportizFlow
Filtered by vendor
Subscriptions
Total
18782 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2025-04-20 | N/A |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | ||||
| CVE-2017-17111 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | N/A |
| Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | ||||
| CVE-2015-7670 | 1 Support Ticket System Project | 1 Support Ticket System | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | ||||
| CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | ||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | N/A |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
| CVE-2017-17572 | 1 Amazon Clone Project | 1 Amazon Clone | 2025-04-20 | 9.8 Critical |
| FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | ||||
| CVE-2017-17620 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2025-04-20 | N/A |
| Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | ||||
| CVE-2017-1000060 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 9.8 Critical |
| EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | ||||
| CVE-2017-5569 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | ||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2025-04-20 | N/A |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | ||||
| CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2025-04-20 | N/A |
| SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | ||||
| CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2025-04-20 | N/A |
| Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | ||||
| CVE-2016-4338 | 1 Zabbix | 1 Zabbix | 2025-04-20 | N/A |
| The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. | ||||
| CVE-2017-1000031 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | ||||
| CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-15378 | 1 Softwarepublico | 1 E-sic | 2025-04-20 | N/A |
| SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | ||||
| CVE-2017-5609 | 1 S9y | 1 Serendipity | 2025-04-20 | N/A |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | ||||
| CVE-2017-15967 | 1 Mailing-manager | 1 Mailing List Manager Pro | 2025-04-20 | N/A |
| Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. | ||||
| CVE-2017-5347 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | ||||