Export limit exceeded: 18892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14508 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-20 | N/A |
| An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. | ||||
| CVE-2017-14512 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | N/A |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | ||||
| CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | N/A |
| Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | ||||
| CVE-2017-14601 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | N/A |
| Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | ||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | ||||
| CVE-2017-14652 | 1 Tapatalk | 1 Tapatalk | 2025-04-20 | N/A |
| SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | ||||
| CVE-2015-4669 | 1 Xceedium | 1 Xsuite | 2025-04-20 | N/A |
| The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | ||||
| CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-20 | N/A |
| SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | ||||
| CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in Pragyan CMS 3.0. | ||||
| CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2025-04-20 | N/A |
| SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | ||||
| CVE-2017-14723 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | ||||
| CVE-2017-14738 | 1 Filerun | 1 Filerun | 2025-04-20 | N/A |
| FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | ||||
| CVE-2017-14743 | 1 Faleemi | 2 Fsc-880, Fsc-880 Firmware | 2025-04-20 | N/A |
| Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | ||||
| CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | N/A |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | ||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | N/A |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | ||||
| CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2025-04-20 | N/A |
| SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | ||||
| CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2025-04-20 | N/A |
| Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | ||||
| CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2025-04-20 | N/A |
| Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | ||||
| CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2025-04-20 | N/A |
| Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | ||||
| CVE-2017-14845 | 1 Dasinfomedia | 1 Wpchurch Church Management System | 2025-04-20 | N/A |
| Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | ||||