About “SQL Injection”

A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20883 CVEs for this tag (all time). In the last 365 days, 4069 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.

In our taxonomy this topic maps to a HIGH impact class, and common exploitation patterns for this weakness lead to high-impact outcomes. Use the filters below to sort by CVSS, risk and CWE, triage the high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2017-12-27
Critical

CVE-2017-17892

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.

Critical

CVE-2017-17875

The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.

Critical

CVE-2017-17873

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.

Critical

CVE-2017-17872

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.

Critical

CVE-2017-17871

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.

Critical

CVE-2017-17870

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

2017-12-21
Medium

CVE-2017-0304

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact t…

High

CVE-2017-17829

Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.

Medium

CVE-2017-17824

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the…

Medium

CVE-2017-17823

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne…

Medium

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS…

2017-12-20
Critical

CVE-2012-2576

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote at…

Medium

CVE-2017-16735

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

Medium

CVE-2017-16733

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information…

High

CVE-2017-1757

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in…

Critical

CVE-2017-17779

Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.

2017-12-19
Critical

CVE-2017-15875

SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.

2017-12-18
Critical

CVE-2017-17721

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorde…

Critical

CVE-2017-17651

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.

Critical

CVE-2017-17645

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.

Critical

CVE-2017-17643

FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.

Critical

CVE-2017-17731

DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.

Critical

CVE-2017-17730

DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.

2017-12-16
Critical

CVE-2017-17713

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter,…

2017-12-15
High

CVE-2017-17695

Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.

2017-12-13
Critical

CVE-2017-17648

Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.

Critical

CVE-2017-17642

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.

Critical

CVE-2017-17641

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.

Critical

CVE-2017-17640

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.

Critical

CVE-2017-17639

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

Critical

CVE-2017-17638

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.

Critical

CVE-2017-17637

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.

Critical

CVE-2017-17636

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.

Critical

CVE-2017-17635

MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.

Critical

CVE-2017-17634

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Critical

CVE-2017-17633

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.

Critical

CVE-2017-17632

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Critical

CVE-2017-17631

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.

Critical

CVE-2017-17630

Yoga Class Script 1.0 has SQL Injection via the /list city parameter.

Critical

CVE-2017-17629

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.

Critical

CVE-2017-17628

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

Critical

CVE-2017-17627

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.

Critical

CVE-2017-17626

Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.

Critical

CVE-2017-17625

Professional Service Script 1.0 has SQL Injection via the service-list city parameter.

Critical

CVE-2017-17624

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

Critical

CVE-2017-17623

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.

Critical

CVE-2017-17622

Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.

Critical

CVE-2017-17621

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.

Critical

CVE-2017-17620

Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.

Critical

CVE-2017-17619

Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.

Critical

CVE-2017-17618

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.

Critical

CVE-2017-17617

Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.

Critical

CVE-2017-17616

Event Search Script 1.0 has SQL Injection via the /event-list city parameter.

High

CVE-2017-17615

Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.

Critical

CVE-2017-17614

Food Order Script 1.0 has SQL Injection via the /list city parameter.

Critical

CVE-2017-17613

Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.

Critical

CVE-2017-17612

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.

Critical

CVE-2017-17611

Doctor Search Script 1.0 has SQL Injection via the /list city parameter.

Critical

CVE-2017-17610

E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.

Critical

CVE-2017-17609

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.

Critical

CVE-2017-17608

Child Care Script 1.0 has SQL Injection via the /list city parameter.

Critical

CVE-2017-17607

CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.

Critical

CVE-2017-17606

Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.

Critical

CVE-2017-17605

Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.

Critical

CVE-2017-17604

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.

Critical

CVE-2017-17603

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

Critical

CVE-2017-17602

Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.

Critical

CVE-2017-17601

Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.

Critical

CVE-2017-17600

Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.

Critical

CVE-2017-17599

Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.

Critical

CVE-2017-17598

Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.

Critical

CVE-2017-17597

Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.

Critical

CVE-2017-17596

Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.

Critical

CVE-2017-17595

Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.

Critical

CVE-2017-17594

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.

Critical

CVE-2017-17592

Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.

Critical

CVE-2017-17591

Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.

Critical

CVE-2017-17590

FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.

Critical

CVE-2017-17589

FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.

Critical

CVE-2017-17588

FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.

Critical

CVE-2017-17587

FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.

Critical

CVE-2017-17586

FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.

Critical

CVE-2017-17585

FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.

Critical

CVE-2017-17584

FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.

Critical

CVE-2017-17583

FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.

Critical

CVE-2017-17582

FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.

Critical

CVE-2017-17581

FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.

Critical

CVE-2017-17580

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.

Critical

CVE-2017-17579

FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.

Critical

CVE-2017-17578

FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.

Critical

CVE-2017-17577

FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.

Critical

CVE-2017-17576

FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.

Critical

CVE-2017-17575

FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.

Critical

CVE-2017-17574

FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.

Critical

CVE-2017-17573

FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.

Critical

CVE-2017-17572

FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.

Critical

CVE-2017-17571

FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.

Critical

CVE-2017-17570

FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.

High

CVE-2017-17567

Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.

2017-12-11
High

CVE-2017-1606

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allo…

2017-12-07
High

CVE-2017-1356

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del…

2017-12-04
High

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.

High

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].

2017-12-01
Medium

CVE-2017-16893

The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context…

Critical

CVE-2017-10899

SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.

Critical

CVE-2017-10898

SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.

2017-11-30
Medium

CVE-2017-12364

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The…

2017-11-27
Medium

CVE-2017-16961

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application…

High

CVE-2017-16955

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?p…

2017-11-22
High

CVE-2017-8198

FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target de…

2017-11-21
Critical

CVE-2015-3934

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa…

2017-11-20
Critical

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

2017-11-17
High

CVE-2017-1000129

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure.

2017-11-16
Critical

CVE-2017-16851

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.

Critical

CVE-2017-16850

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.

Critical

CVE-2017-16849

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.

Critical

CVE-2017-16848

Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.

Critical

CVE-2017-16847

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.

Critical

CVE-2017-16846

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.

Medium

CVE-2017-12302

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL…