Total: 11922 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2277 | 1 Portail Web Php | 1 Portail Web Php | 2017-07-29 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables. | |||||
CVE-2002-2252 | 1 Atthat.com | 1 Thatware | 2017-07-29 | 7.5 HIGH | N/A |
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter. | |||||
CVE-2017-11324 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | |||||
CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 6.5 MEDIUM | 6.3 MEDIUM |
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||||
CVE-2016-9481 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentController controller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. | |||||
CVE-2016-9288 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1. | |||||
CVE-2016-9283 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | |||||
CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | |||||
CVE-2016-7784 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
CVE-2017-11583 | 1 Finecms | 1 Finecms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | |||||
CVE-2017-11582 | 1 Finecms | 1 Finecms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | |||||
CVE-2017-11584 | 1 Finecms | 1 Finecms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | |||||
CVE-2017-11174 | 1 Xoops | 1 Xoops | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. | |||||
CVE-2017-11329 | 1 Glpi-project | 1 Glpi | 2017-07-26 | 7.5 HIGH | 9.8 CRITICAL |
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | |||||
CVE-2017-3835 | 1 Cisco | 1 Identity Services Engine Software | 2017-07-25 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | |||||
CVE-2017-11471 | 1 Idera | 1 Uptime Infrastructure Monitor | 2017-07-24 | 7.5 HIGH | 9.8 CRITICAL |
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | |||||
CVE-2017-11470 | 1 Idera | 1 Uptime Infrastructure Monitor | 2017-07-24 | 7.5 HIGH | 9.8 CRITICAL |
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | |||||
CVE-2017-1000067 | 1 Modx | 1 Revolution | 2017-07-21 | 6.5 MEDIUM | 8.8 HIGH |
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method, resulting in an authenticated user accessing the database and possibly escalating privileges. | |||||
CVE-2017-11474 | 1 Glpi-project | 1 Glpi | 2017-07-21 | 7.5 HIGH | 9.8 CRITICAL |
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | |||||
CVE-2017-11354 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. |