CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2017(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1002028 Sql 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
2 CVE-2017-1002022 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
3 CVE-2017-1002021 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
4 CVE-2017-1002020 89 Sql 2017-09-14 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
5 CVE-2017-1002019 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
6 CVE-2017-1002018 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
7 CVE-2017-1002015 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
8 CVE-2017-1002014 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
9 CVE-2017-1002013 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
10 CVE-2017-1002010 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
11 CVE-2017-1002009 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
12 CVE-2017-1000067 89 Sql 2017-07-17 2017-07-21
6.5
None Remote Low Single system Partial Partial Partial
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
13 CVE-2017-1000060 89 Sql 2017-07-17 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
14 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
15 CVE-2017-1000004 89 Exec Code Sql 2017-07-17 2017-08-04
7.5
None Remote Low Not required Partial Partial Partial
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
16 CVE-2017-14601 Sql 2017-09-19 2017-09-19
0.0
None ??? ??? ??? ??? ??? ???
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
17 CVE-2017-14600 Sql 2017-09-19 2017-09-19
0.0
None ??? ??? ??? ??? ??? ???
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
18 CVE-2017-14512 Sql 2017-09-17 2017-09-17
0.0
None ??? ??? ??? ??? ??? ???
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
19 CVE-2017-14508 Sql 2017-09-17 2017-09-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
20 CVE-2017-14403 89 Sql 2017-09-12 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
21 CVE-2017-14402 89 Sql 2017-09-12 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
22 CVE-2017-14401 89 Sql 2017-09-12 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
23 CVE-2017-14396 Sql 2017-09-12 2017-09-12
0.0
None ??? ??? ??? ??? ??? ???
In osTicket 1.10, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
24 CVE-2017-14345 Sql 2017-09-12 2017-09-12
0.0
None ??? ??? ??? ??? ??? ???
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
25 CVE-2017-14252 89 Sql 2017-09-11 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
26 CVE-2017-14247 89 Sql 2017-09-11 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
27 CVE-2017-14242 89 Exec Code Sql 2017-09-11 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
28 CVE-2017-14238 89 Exec Code Sql 2017-09-11 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
29 CVE-2017-14145 89 Sql 2017-09-05 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
30 CVE-2017-14076 89 Sql 2017-08-31 2017-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
31 CVE-2017-14069 89 Sql 2017-08-31 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
32 CVE-2017-13669 89 Sql 2017-08-24 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
33 CVE-2017-13137 89 Sql 2017-08-23 2017-08-26
7.5
None Remote Low Not required Partial Partial Partial
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
34 CVE-2017-12981 89 Sql 2017-08-21 2017-08-25
7.5
None Remote Low Not required Partial Partial Partial
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
35 CVE-2017-12977 89 Sql 2017-08-20 2017-09-05
6.5
None Remote Low Single system Partial Partial Partial
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
36 CVE-2017-12949 89 Sql CSRF 2017-08-18 2017-08-24
6.5
None Remote Low Single system Partial Partial Partial
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
37 CVE-2017-12947 89 Sql 2017-08-18 2017-08-22
6.5
None Remote Low Single system Partial Partial Partial
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
38 CVE-2017-12946 89 Sql 2017-08-18 2017-08-22
6.5
None Remote Low Single system Partial Partial Partial
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
39 CVE-2017-12910 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
40 CVE-2017-12909 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
41 CVE-2017-12908 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
42 CVE-2017-12776 89 Exec Code Sql 2017-08-18 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
43 CVE-2017-12774 89 Sql 2017-08-09 2017-08-24
7.5
None Remote Low Not required Partial Partial Partial
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
44 CVE-2017-12731 89 Sql 2017-09-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client.
45 CVE-2017-12710 89 Sql +Info 2017-08-30 2017-09-05
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
46 CVE-2017-12679 89 Sql 2017-08-24 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
47 CVE-2017-12650 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
48 CVE-2017-12585 89 Sql 2017-08-05 2017-08-14
6.5
None Remote Low Single system Partial Partial Partial
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
49 CVE-2017-12567 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
50 CVE-2017-12227 89 Sql Bypass 2017-09-07 2017-09-14
5.5
None Remote Low Single system Partial Partial None
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.
Total number of vulnerabilities : 261   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.