| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 24151 | CVE-2017-17653 | 89 | | Exec Code Sql | 2018-02-08 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286. |
| 24152 | CVE-2017-17652 | 89 | | Exec Code Sql | 2018-02-08 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4238. |
| 24153 | CVE-2017-17651 | 89 | | Sql | 2017-12-18 | 2018-01-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| 24154 | CVE-2017-17649 | 94 | | | 2017-12-18 | 2018-01-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. |
| 24155 | CVE-2017-17648 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. |
| 24156 | CVE-2017-17645 | 89 | | Sql | 2017-12-18 | 2018-01-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. |
| 24157 | CVE-2017-17643 | 89 | | Sql | 2017-12-18 | 2018-01-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. |
| 24158 | CVE-2017-17642 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. |
| 24159 | CVE-2017-17641 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. |
| 24160 | CVE-2017-17640 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. |
| 24161 | CVE-2017-17639 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. |
| 24162 | CVE-2017-17638 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. |
| 24163 | CVE-2017-17637 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. |
| 24164 | CVE-2017-17636 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. |
| 24165 | CVE-2017-17635 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. |
| 24166 | CVE-2017-17634 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. |
| 24167 | CVE-2017-17633 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. |
| 24168 | CVE-2017-17632 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. |
| 24169 | CVE-2017-17631 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. |
| 24170 | CVE-2017-17630 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Yoga Class Script 1.0 has SQL Injection via the /list city parameter. |
| 24171 | CVE-2017-17629 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. |
| 24172 | CVE-2017-17628 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter. |
| 24173 | CVE-2017-17627 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. |
| 24174 | CVE-2017-17626 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. |
| 24175 | CVE-2017-17625 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Professional Service Script 1.0 has SQL Injection via the service-list city parameter. |
| 24176 | CVE-2017-17624 | 89 | | Sql | 2017-12-13 | 2018-01-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. |
| 24177 | CVE-2017-17623 | 89 | | Sql | 2017-12-13 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. |
| 24178 | CVE-2017-17622 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. |
| 24179 | CVE-2017-17621 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. |
| 24180 | CVE-2017-17620 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. |
| 24181 | CVE-2017-17619 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. |
| 24182 | CVE-2017-17618 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. |
| 24183 | CVE-2017-17617 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. |
| 24184 | CVE-2017-17616 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Event Search Script 1.0 has SQL Injection via the /event-list city parameter. |
| 24185 | CVE-2017-17615 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. |
| 24186 | CVE-2017-17614 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Food Order Script 1.0 has SQL Injection via the /list city parameter. |
| 24187 | CVE-2017-17613 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. |
| 24188 | CVE-2017-17612 | 89 | | Sql | 2017-12-13 | 2019-04-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. |
| 24189 | CVE-2017-17611 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Doctor Search Script 1.0 has SQL Injection via the /list city parameter. |
| 24190 | CVE-2017-17610 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. |
| 24191 | CVE-2017-17609 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
| 24192 | CVE-2017-17608 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Child Care Script 1.0 has SQL Injection via the /list city parameter. |
| 24193 | CVE-2017-17607 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. |
| 24194 | CVE-2017-17606 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. |
| 24195 | CVE-2017-17605 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. |
| 24196 | CVE-2017-17604 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. |
| 24197 | CVE-2017-17603 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. |
| 24198 | CVE-2017-17602 | 89 | | Sql | 2017-12-13 | 2017-12-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. |
| 24199 | CVE-2017-17601 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
| 24200 | CVE-2017-17600 | 89 | | Sql | 2017-12-13 | 2017-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. |