Security Vulnerabilities, CVEs, Published In August 2017 (Sql injection) CVSS score >= 4
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
Max CVSS: 9.8 | EPSS Score: 0.15% | Published: 2017-08-31 | Updated: 2017-09-05
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
Max CVSS: 9.8 | EPSS Score: 0.19% | Published: 2017-08-31 | Updated: 2017-09-07
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-08-24 | Updated: 2017-08-28
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
Max CVSS: 9.8 | EPSS Score: 0.27% | Published: 2017-08-23 | Updated: 2021-09-10
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-08-21 | Updated: 2017-08-25
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
Max CVSS: 7.2 | EPSS Score: 0.09% | Published: 2017-08-21 | Updated: 2019-07-08
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
Max CVSS: 8.8 | EPSS Score: 0.08% | Published: 2017-08-18 | Updated: 2017-08-24
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
Max CVSS: 7.2 | EPSS Score: 0.09% | Published: 2017-08-18 | Updated: 2017-08-22
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
Max CVSS: 7.2 | EPSS Score: 0.09% | Published: 2017-08-18 | Updated: 2017-08-22
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
Max CVSS: 9.8 | EPSS Score: 0.18% | Published: 2017-08-17 | Updated: 2017-08-20
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
Max CVSS: 9.8 | EPSS Score: 0.18% | Published: 2017-08-17 | Updated: 2017-08-20
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
Max CVSS: 9.8 | EPSS Score: 0.18% | Published: 2017-08-17 | Updated: 2017-08-20
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
Max CVSS: 9.8 | EPSS Score: 0.17% | Published: 2017-08-18 | Updated: 2017-09-19
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate on the website database.
Max CVSS: 9.8 | EPSS Score: 0.49% | Published: 2017-08-09 | Updated: 2017-08-24
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
Max CVSS: 7.5 | EPSS Score: 3.65% | Published: 2017-08-30 | Updated: 2017-11-10
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-08-24 | Updated: 2017-08-28
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
Max CVSS: 9.8 | EPSS Score: 0.16% | Published: 2017-08-07 | Updated: 2017-08-15
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2017-08-06 | Updated: 2017-08-14
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2017-08-07 | Updated: 2017-08-15
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-08-02 | Updated: 2017-08-03
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
Max CVSS: 9.8 | EPSS Score: 0.28% | Published: 2017-08-02 | Updated: 2018-10-09
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
Max CVSS: 8.8 | EPSS Score: 1.43% | Published: 2017-08-02 | Updated: 2017-08-06
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
Max CVSS: 9.8 | EPSS Score: 12.52% | Published: 2017-08-02 | Updated: 2017-08-06
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.
Max CVSS: 9.8 | EPSS Score: 12.52% | Published: 2017-08-02 | Updated: 2017-08-06
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.
Max CVSS: 9.8 | EPSS Score: 12.52% | Published: 2017-08-02 | Updated: 2017-08-08