CVE-2017-9848 CVSS:0.0
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. (Last Update:2017-06-24) (Publish Update:2017-06-24)
CVE-2017-9759 CVSS:6.5
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. (Last Update:2017-06-22) (Publish Update:2017-06-19)
CVE-2017-9730 CVSS:7.5
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. (Last Update:2017-06-23) (Publish Update:2017-06-19)
CVE-2017-9603 CVSS:6.5
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. (Last Update:2017-06-20) (Publish Update:2017-06-13)
CVE-2017-9463 CVSS:4.0
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. (Last Update:2017-06-19) (Publish Update:2017-06-14)
CVE-2017-9449 CVSS:6.5
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. (Last Update:2017-06-12) (Publish Update:2017-06-06)
CVE-2017-9443 CVSS:6.5
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." (Last Update:2017-06-09) (Publish Update:2017-06-05)
CVE-2017-9437 CVSS:6.5
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. (Last Update:2017-06-13) (Publish Update:2017-06-05)
CVE-2017-9436 CVSS:7.5
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. (Last Update:2017-06-13) (Publish Update:2017-06-05)
CVE-2017-9435 CVSS:7.5
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). (Last Update:2017-06-08) (Publish Update:2017-06-05)
This vulnerability list is provided by www.cvedetails.com