Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17920 | 1 Rubyonrails | 1 Ruby On Rails | 2024-05-17 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | |||||
| CVE-2017-17916 | 1 Rubyonrails | 1 Rails | 2024-05-17 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | |||||
| CVE-2016-15034 | 1 Anakeen | 1 Dynacase Webdesk | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Dynacase Webdesk and classified as critical. Affected by this issue is the function freedomrss_search of the file freedomrss_search.php. The manipulation leads to sql injection. Upgrading to version 3.2-20180305 is able to address this issue. The patch is identified as 750a9b35af182950c952faf6ddfdcc50a2b25f8b. It is recommended to upgrade the affected component. VDB-233366 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15031 | 1 Php-login Project | 1 Php-login | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The patch is identified as 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15021 | 1 Columbia | 1 Als Data Browser | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The identifier of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability. | |||||
| CVE-2016-15020 | 1 Liftkit Database Library Project | 1 Liftkit Database Library | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391. | |||||
| CVE-2016-15018 | 1 Krail-jpa Project | 1 Krail-jpa | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The identifier of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability. | |||||
| CVE-2016-15016 | 1 Joomla Mod Einsatz Stats Project | 1 Joomla Mod Einsatz Stats | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The identifier of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability. | |||||
| CVE-2016-15013 | 1 Forumhulp | 1 Search Results | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628. | |||||
| CVE-2016-15012 | 1 Salesforce | 1 Mobile Software Development Kit | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The patch is named 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-10126 | 1 Steven Ellis | 1 Easy2map Photos | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10124 | 1 Smartfan | 1 Most Popular Posts Widget | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10122 | 1 Wp Donate Project | 1 Wp Donate | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability. | |||||
| CVE-2015-10111 | 1 Kibokolabs | 1 Watu Quiz | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The patch is named bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651. | |||||
| CVE-2015-10106 | 1 Mh Httpbl Project | 1 Mh Httpbl | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is identified as 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-10100 | 1 Qurl | 1 Dynamic Widgets | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability. | |||||
| CVE-2015-10099 | 1 Codepeople | 1 Cp Appointment Calendar | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351. | |||||
| CVE-2015-10097 | 1 Grinnellplans | 1 Grinnellplans | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability. | |||||
| CVE-2015-10091 | 1 Bywatersolutions | 1 Bywater-koha-xslt | 2024-05-17 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10086 | 1 Server-php Project | 1 Server-php | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808. | |||||