The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able t…

CVE-2016-8640CRITICALCVSS 9.1EG 9.1

2018-08-01

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is po…

CVE-2016-8897CRITICALCVSS 9.8EG 9.8

2019-05-23

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.

CVE-2016-8898CRITICALCVSS 9.8EG 9.8

2019-05-24

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

CVE-2016-9048HIGHCVSS 7.4EG 7.4

2018-09-10

Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injecti…

CVE-2016-9488CRITICALCVSS 9.8EG 9.8

2018-06-05

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injecti…

CVE-2017-0914HIGHCVSS 7.5EG 7.5

2018-03-21

Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.

CVE-2017-1000444CRITICALCVSS 9.8EG 9.8

2018-01-02

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution

CVE-2017-1000474CRITICALCVSS 9.8EG 9.8

2018-01-24

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the …

CVE-2017-10936HIGHCVSS 7.5EG 7.5

2018-07-25

SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.

CVE-2017-10937HIGHCVSS 7.5EG 7.5

2018-07-25

SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.

CVE-2017-11088CRITICALCVSS 9.8EG 9.8

2018-07-06

Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835,…

CVE-2017-11509HIGHCVSS 8.8EG 8.8

2018-03-28

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

CVE-2017-11559HIGHCVSS 7.5EG 7.5

2019-05-23

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.

CVE-2017-11738HIGHCVSS 8.1EG 8.1

2019-05-23

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

CVE-2017-12729CRITICALCVSS 9.8EG 9.8

2018-01-18

A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerabili…

CVE-2017-12757CRITICALCVSS 9.8EG 9.8

2019-05-09

Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Sc…

CVE-2017-12758CRITICALCVSS 9.8EG 9.8

2019-05-09

https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.

CVE-2017-12759CRITICALCVSS 9.8EG 9.8

2019-05-09

Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).

CVE-2017-12760HIGHCVSS 8.8EG 8.8

2019-05-09

Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).

CVE-2017-12761HIGHCVSS 7.5EG 7.5

2019-05-09

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.co…

CVE-2017-14807HIGHCVSS 8.1EG 8.1

2020-01-27

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing f…

CVE-2017-14851CRITICALCVSS 9.8EG 9.8

2019-06-03

A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentic…

CVE-2017-14960HIGHCVSS 7.5EG 7.5

2018-01-04

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

CVE-2017-15329HIGHCVSS 8.8EG 8.8

2018-02-15

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected syst…

CVE-2017-15367CRITICALCVSS 9.8EG 9.8

2018-03-07

Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.

CVE-2017-15546MEDIUMCVSS 4.3EG 4.3

2018-01-25

The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from …

CVE-2017-16558CRITICALCVSS 9.8EG 9.8

2019-04-25

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.

CVE-2017-1670CRITICALCVSS 9.8EG 9.8

2018-01-09

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end dat…

CVE-2017-16716CRITICALCVSS 9.8EG 9.8

2018-01-05

A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.

CVE-2017-1722MEDIUMCVSS 6.3EG 6.3

2018-04-26

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-F…

CVE-2017-17412CRITICALCVSS 9.8EG 9.8

2018-02-08