ReportizFlow
Filtered by vendor
Subscriptions
Total
18779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17950 | 1 Cells | 1 Blog | 2025-04-20 | N/A |
| Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | ||||
| CVE-2017-17951 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | ||||
| CVE-2017-12977 | 1 10web | 1 Photo Gallery | 2025-04-20 | N/A |
| The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. | ||||
| CVE-2017-17959 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | ||||
| CVE-2017-17575 | 1 Groupon Clone Project | 1 Groupon Clone | 2025-04-20 | 9.8 Critical |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | ||||
| CVE-2017-17577 | 1 Trademe Clone Project | 1 Trademe Clone | 2025-04-20 | 9.8 Critical |
| FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | ||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | ||||
| CVE-2017-9429 | 1 Event List Project | 1 Event List | 2025-04-20 | N/A |
| SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | ||||
| CVE-2017-6698 | 1 Cisco | 1 Prime Infrastructure | 2025-04-20 | N/A |
| A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | ||||
| CVE-2017-12908 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | N/A |
| SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | ||||
| CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | ||||
| CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | ||||
| CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | ||||
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | ||||
| CVE-2017-12650 | 1 Loginizer | 1 Loginizer | 2025-04-20 | N/A |
| SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | ||||
| CVE-2017-17579 | 1 Freelancer Clone Project | 1 Freelancer Clone | 2025-04-20 | 9.8 Critical |
| FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | ||||
| CVE-2017-9463 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. | ||||
| CVE-2017-17581 | 1 Quibids Clone Project | 1 Quibids Clone | 2025-04-20 | 9.8 Critical |
| FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | ||||
| CVE-2017-17583 | 1 Shutterstock Clone Project | 1 Shutterstock Clone | 2025-04-20 | 9.8 Critical |
| FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. | ||||
| CVE-2017-17585 | 1 Monster Clone Project | 1 Monster Clone | 2025-04-20 | 9.8 Critical |
| FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. | ||||