Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17916 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 8.1 High |
| SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||
| CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | ||||
| CVE-2017-17917 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 8.1 High |
| SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||
| CVE-2017-17919 | 1 Rubyonrails | 1 Ruby On Rails | 2025-04-20 | 8.1 High |
| SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||
| CVE-2017-17920 | 1 Rubyonrails | 1 Ruby On Rails | 2025-04-20 | N/A |
| SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | ||||
| CVE-2017-14238 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | N/A |
| SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | ||||
| CVE-2017-14145 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | N/A |
| HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | ||||
| CVE-2017-14125 | 1 Wpdevart | 1 Responsive Image Gallery Gallery Album | 2025-04-20 | N/A |
| SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | ||||
| CVE-2015-4592 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | ||||
| CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2025-04-20 | N/A |
| The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | ||||
| CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | N/A |
| SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||||
| CVE-2017-14069 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | N/A |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | ||||
| CVE-2017-14076 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | N/A |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | ||||
| CVE-2017-1356 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | N/A |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. | ||||
| CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | ||||
| CVE-2017-17931 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2025-04-20 | N/A |
| PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | ||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | N/A |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | ||||
| CVE-2017-17950 | 1 Cells | 1 Blog | 2025-04-20 | N/A |
| Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | ||||
| CVE-2017-17951 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | ||||