CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14076 89 Sql 2017-08-31 2017-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
2 CVE-2017-14069 89 Sql 2017-08-31 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
3 CVE-2017-13669 89 Sql 2017-08-24 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
4 CVE-2017-13137 89 Sql 2017-08-23 2017-08-26
7.5
None Remote Low Not required Partial Partial Partial
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
5 CVE-2017-12981 89 Sql 2017-08-21 2017-08-25
7.5
None Remote Low Not required Partial Partial Partial
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
6 CVE-2017-12977 89 Sql 2017-08-20 2019-07-08
6.5
None Remote Low Single system Partial Partial Partial
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
7 CVE-2017-12949 89 Sql CSRF 2017-08-18 2017-08-24
6.5
None Remote Low Single system Partial Partial Partial
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
8 CVE-2017-12947 89 Sql 2017-08-18 2017-08-22
6.5
None Remote Low Single system Partial Partial Partial
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
9 CVE-2017-12946 89 Sql 2017-08-18 2017-08-22
6.5
None Remote Low Single system Partial Partial Partial
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
10 CVE-2017-12910 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
11 CVE-2017-12909 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
12 CVE-2017-12908 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
13 CVE-2017-12776 89 Exec Code Sql 2017-08-18 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
14 CVE-2017-12774 89 Sql 2017-08-09 2017-08-24
7.5
None Remote Low Not required Partial Partial Partial
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
15 CVE-2017-12710 89 Sql +Info 2017-08-30 2017-11-09
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
16 CVE-2017-12679 89 Sql 2017-08-24 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
17 CVE-2017-12650 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
18 CVE-2017-12585 89 Sql 2017-08-05 2017-08-14
6.5
None Remote Low Single system Partial Partial Partial
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
19 CVE-2017-12567 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
20 CVE-2017-12199 89 Sql 2017-08-02 2017-08-03
7.5
None Remote Low Not required Partial Partial Partial
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
21 CVE-2017-11494 89 Exec Code Sql 2017-08-02 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
22 CVE-2017-11388 89 Exec Code Sql 2017-08-02 2017-08-05
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
23 CVE-2017-11386 89 Exec Code Sql 2017-08-02 2017-08-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
24 CVE-2017-11385 89 Exec Code Sql 2017-08-02 2017-08-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.
25 CVE-2017-11384 89 Exec Code Sql 2017-08-02 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.
26 CVE-2017-11383 89 Exec Code Sql 2017-08-02 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.
27 CVE-2017-10842 89 Exec Code Sql 2017-08-28 2017-08-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2017-10839 89 Exec Code Sql 2017-08-28 2017-09-01
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
29 CVE-2017-10816 89 Exec Code Sql 2017-08-04 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.
30 CVE-2017-6757 89 Sql Bypass 2017-08-07 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.
31 CVE-2017-6754 89 Sql 2017-08-07 2019-10-09
4.0
None Remote Low Single system Partial None None
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617.
32 CVE-2017-1174 89 Sql 2017-08-10 2017-08-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.
33 CVE-2016-10509 89 Exec Code Sql 2017-08-31 2017-09-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
34 CVE-2015-8355 89 Exec Code Sql 2017-08-24 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
35 CVE-2015-8334 89 Exec Code Sql 2017-08-29 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
36 CVE-2015-7517 89 Exec Code Sql 2017-08-29 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
37 CVE-2015-3616 89 Exec Code Sql 2017-08-11 2017-08-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
38 CVE-2015-0782 89 Exec Code Sql 2017-08-09 2017-08-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
39 CVE-2015-0780 89 Exec Code Sql 2017-08-09 2017-08-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
40 CVE-2014-9558 89 Sql 2017-08-28 2017-08-31
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SmartCMS v.2.
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.