CVE-2017-1000067 CVSS:6.5
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000060 CVSS:10.0
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000031 CVSS:6.5
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000004 CVSS:7.5
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. (Last Update:2017-08-04) (Publish Update:2017-07-17)
CVE-2017-12949 CVSS:0.0
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. (Last Update:2017-08-18) (Publish Update:2017-08-18)
CVE-2017-12947 CVSS:0.0
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. (Last Update:2017-08-18) (Publish Update:2017-08-18)
CVE-2017-12946 CVSS:0.0
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. (Last Update:2017-08-18) (Publish Update:2017-08-18)
CVE-2017-12910 CVSS:7.5
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. (Last Update:2017-08-20) (Publish Update:2017-08-17)
CVE-2017-12909 CVSS:7.5
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. (Last Update:2017-08-20) (Publish Update:2017-08-17)
CVE-2017-12908 CVSS:7.5
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. (Last Update:2017-08-20) (Publish Update:2017-08-17)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com