Total
15164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0914 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. | ||||
| CVE-2016-9488 | 1 Manageengine | 1 Applications Manager | 2024-11-21 | N/A |
| ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries. | ||||
| CVE-2016-9048 | 1 Processmaker | 1 Processmaker | 2024-11-21 | 7.4 High |
| Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system. | ||||
| CVE-2016-8898 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | N/A |
| Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. | ||||
| CVE-2016-8897 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | N/A |
| Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php. | ||||
| CVE-2016-8640 | 1 Pycsw | 1 Pycsw | 2024-11-21 | N/A |
| A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to. | ||||
| CVE-2016-6566 | 1 Sungardas | 1 Etrakit3 | 2024-11-21 | N/A |
| The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable. | ||||
| CVE-2016-20018 | 1 Knexjs | 1 Knex | 2024-11-21 | 7.5 High |
| Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. | ||||
| CVE-2016-15034 | 1 Anakeen | 1 Dynacase Webdesk | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in Dynacase Webdesk and classified as critical. Affected by this issue is the function freedomrss_search of the file freedomrss_search.php. The manipulation leads to sql injection. Upgrading to version 3.2-20180305 is able to address this issue. The patch is identified as 750a9b35af182950c952faf6ddfdcc50a2b25f8b. It is recommended to upgrade the affected component. VDB-233366 is the identifier assigned to this vulnerability. | ||||
| CVE-2016-15031 | 1 Php-login Project | 1 Php-login | 2024-11-21 | 7.3 High |
| A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The patch is identified as 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | ||||
| CVE-2016-15020 | 1 Liftkit Database Library Project | 1 Liftkit Database Library | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391. | ||||
| CVE-2016-15018 | 1 Krail-jpa Project | 1 Krail-jpa | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The identifier of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability. | ||||
| CVE-2016-15016 | 1 Joomla Mod Einsatz Stats Project | 1 Joomla Mod Einsatz Stats | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The identifier of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability. | ||||
| CVE-2016-11024 | 1 Odata4j Project | 1 Odata4j | 2024-11-21 | 9.8 Critical |
| odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | ||||
| CVE-2016-11023 | 1 Odata4j Project | 1 Odata4j | 2024-11-21 | 9.8 Critical |
| odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | ||||
| CVE-2016-11018 | 1 Huge-it | 1 Image Gallery | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | ||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2024-11-21 | 9.8 Critical |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | ||||
| CVE-2016-10951 | 1 Firestormplugins | 1 Fs-shopping-cart | 2024-11-21 | 7.2 High |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | ||||
| CVE-2016-10950 | 1 Sirv | 1 Sirv | 2024-11-21 | 8.8 High |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | ||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | 8.8 High |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | ||||