Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5570 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). | ||||
| CVE-2017-9436 | 1 Teampass | 1 Teampass | 2025-04-20 | N/A |
| TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | ||||
| CVE-2017-8835 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | N/A |
| SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | ||||
| CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2025-04-20 | N/A |
| SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2025-04-20 | N/A |
| SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | ||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2025-04-20 | N/A |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | ||||
| CVE-2017-9834 | 1 Calendarscripts | 1 Watupro | 2025-04-20 | N/A |
| SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. | ||||
| CVE-2017-9848 | 1 Easysitecms | 1 Easysite | 2025-04-20 | N/A |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. | ||||
| CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | ||||
| CVE-2017-7717 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 8.8 High |
| SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | ||||
| CVE-2017-5519 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | ||||
| CVE-2017-5527 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2025-04-20 | N/A |
| TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | ||||
| CVE-2017-5574 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | ||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | N/A |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | ||||
| CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | ||||
| CVE-2017-6013 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | ||||
| CVE-2017-6698 | 1 Cisco | 1 Prime Infrastructure | 2025-04-20 | N/A |
| A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | ||||
| CVE-2017-6065 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | ||||
| CVE-2017-6578 | 1 Mail-masta Project | 1 Mail-masta | 2025-04-20 | N/A |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | ||||