Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2017-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | |||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | |||||
| CVE-2017-7236 | 1 Netapp | 1 Oncommand Unified Manager Core Package | 2017-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-6195 | 1 Ipswitch | 2 Moveit Dmz, Moveit Transfer 2017 | 2017-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | |||||
| CVE-2017-5527 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2017-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | |||||
| CVE-2016-4893 | 1 Setucocms Project | 1 Setucocms | 2017-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | |||||
| CVE-2017-8789 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | |||||
| CVE-2017-6557 | 1 Xirrus | 1 Arrayos | 2017-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-8377 | 1 Genixcms | 1 Genixcms | 2017-05-10 | 6.5 MEDIUM | 8.8 HIGH |
| GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | |||||
| CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2017-05-03 | 6.0 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2017-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | |||||
| CVE-2016-2566 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2017-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | |||||
| CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2017-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | |||||
| CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2017-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||||
| CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||||
| CVE-2017-7719 | 1 Web-dorado | 1 Spider Event Calendar | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. | |||||
| CVE-2015-7564 | 1 Teampass | 1 Teampass | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | |||||
| CVE-2016-4337 | 1 Ktools | 1 Photostore | 2017-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | |||||