CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-5697 Sql 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.
2 CVE-2018-5696 Sql 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
3 CVE-2018-5695 Sql 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.
4 CVE-2018-5374 Sql 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
5 CVE-2018-5373 Sql 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
6 CVE-2018-5372 Sql 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
7 CVE-2018-5315 Sql 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
8 CVE-2018-5211 Sql 2018-01-09 2018-01-09
0.0
None ??? ??? ??? ??? ??? ???
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
9 CVE-2018-3811 89 Exec Code Sql 2018-01-01 2018-01-16
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
10 CVE-2017-1002028 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
11 CVE-2017-1002027 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
12 CVE-2017-1002026 89 Sql 2017-09-14 2017-09-20
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
13 CVE-2017-1002025 89 Sql 2017-09-14 2017-09-21
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
14 CVE-2017-1002023 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
15 CVE-2017-1002022 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
16 CVE-2017-1002021 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
17 CVE-2017-1002020 89 Sql 2017-09-14 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
18 CVE-2017-1002019 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
19 CVE-2017-1002018 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
20 CVE-2017-1002015 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
21 CVE-2017-1002014 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
22 CVE-2017-1002013 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
23 CVE-2017-1002010 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
24 CVE-2017-1002009 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
25 CVE-2017-1000493 Sql 2018-01-02 2018-01-02
0.0
None ??? ??? ??? ??? ??? ???
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover
26 CVE-2017-1000444 89 Exec Code Sql 2018-01-02 2018-01-11
7.5
None Remote Low Not required Partial Partial Partial
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution
27 CVE-2017-1000129 89 Sql 2017-11-17 2017-11-29
5.0
None Remote Low Not required Partial None None
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
28 CVE-2017-1000120 89 Exec Code Sql 2017-10-04 2017-10-13
6.5
None Remote Low Single system Partial Partial Partial
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
29 CVE-2017-1000067 89 Sql 2017-07-17 2017-07-21
6.5
None Remote Low Single system Partial Partial Partial
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
30 CVE-2017-1000060 89 Sql 2017-07-17 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
31 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
32 CVE-2017-1000004 89 Exec Code Sql 2017-07-17 2017-08-04
7.5
None Remote Low Not required Partial Partial Partial
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
33 CVE-2017-17983 89 Sql 2017-12-29 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
34 CVE-2017-17970 Exec Code Sql 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php.
35 CVE-2017-17959 Sql 2017-12-28 2017-12-28
0.0
None ??? ??? ??? ??? ??? ???
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
36 CVE-2017-17957 Sql 2017-12-28 2017-12-28
0.0
None ??? ??? ??? ??? ??? ???
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
37 CVE-2017-17951 Sql 2017-12-28 2017-12-28
0.0
None ??? ??? ??? ??? ??? ???
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.
38 CVE-2017-17950 Sql 2017-12-28 2017-12-28
0.0
None ??? ??? ??? ??? ??? ???
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
39 CVE-2017-17941 89 Sql 2017-12-28 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
40 CVE-2017-17931 89 Sql 2017-12-27 2018-01-10
7.5
None Remote Low Not required Partial Partial Partial
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.
41 CVE-2017-17928 89 Sql 2017-12-27 2018-01-10
7.5
None Remote Low Not required Partial Partial Partial
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.
42 CVE-2017-17920 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
43 CVE-2017-17919 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
44 CVE-2017-17917 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
45 CVE-2017-17916 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
46 CVE-2017-17906 89 Sql 2017-12-27 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
47 CVE-2017-17900 89 Exec Code Sql 2017-12-27 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
48 CVE-2017-17899 89 Exec Code Sql 2017-12-27 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
49 CVE-2017-17897 89 Exec Code Sql 2017-12-27 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
50 CVE-2017-17895 89 Sql 2017-12-27 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.