Total: 11641 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-4337 | 1 Ktools | 1 Photostore | 2017-04-19 | N/A |
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | ||||
CVE-2017-7581 | 1 News System Project | 1 News System | 2017-04-13 | N/A |
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | ||||
CVE-2016-10096 | 1 Genixcms | 1 Genixcms | 2017-04-11 | N/A |
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | ||||
CVE-2016-9087 | 1 Exponentcms | 1 Exponent Cms | 2017-04-04 | N/A |
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | ||||
CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2017-04-04 | N/A |
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | ||||
CVE-2017-7290 | 1 Xoops | 1 Xoops | 2017-04-03 | N/A |
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program. | ||||
CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2017-04-01 | N/A |
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | ||||
CVE-2016-7789 | 1 Exponentcms | 1 Exponent Cms | 2017-04-01 | N/A |
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | ||||
CVE-2016-7788 | 1 Exponentcms | 1 Exponent Cms | 2017-04-01 | N/A |
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
CVE-2016-7783 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | N/A |
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||||
CVE-2016-7782 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | N/A |
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | ||||
CVE-2016-7781 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | N/A |
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | ||||
CVE-2016-7780 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | N/A |
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | ||||
CVE-2015-1000003 | 1 Filedownload Project | 1 Filedownload | 2017-03-29 | N/A |
Blind SQL Injection in filedownload v1.4 WordPress plugin | ||||
CVE-2010-1925 | 1 Rifat Kurban | 1 Tekno.portal | 2017-03-27 | N/A |
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. | ||||
CVE-2017-6492 | 1 Admidio | 1 Admidio | 2017-03-25 | N/A |
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | ||||
CVE-2017-3899 | 1 Mcafee | 1 Advanced Threat Defense | 2017-03-23 | N/A |
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||||
CVE-2017-6550 | 1 Kinsey | 1 Infor-lawson | 2017-03-23 | N/A |
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | ||||
CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-08 | N/A |
IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM Reference #: 1999543. | ||||
CVE-2016-10204 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | N/A |
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. |