Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2017-15985 |
|
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
|
| CVE-2017-15987 |
|
SQL Injection in sqli (CVE-2017-15987)
SQL injection in sqli (CVE-2017-15987). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15988 |
|
SQL Injection in sqli (CVE-2017-15988)
SQL injection in sqli (CVE-2017-15988). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15989 |
|
SQL Injection in sqli (CVE-2017-15989)
SQL injection in sqli (CVE-2017-15989). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15990 |
|
Unrestricted File Upload in savsofteproducts (CVE-2017-15990)
vulnerability in savsofteproducts (CVE-2017-15990). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15991 |
|
SQL Injection in sqli (CVE-2017-15991)
SQL injection in sqli (CVE-2017-15991). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15992 |
|
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
|
| CVE-2017-15993 |
|
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
|
| CVE-2017-16230 |
|
Cross-Site Scripting (XSS) in typecho (CVE-2017-16230)
cross-site scripting in typecho (CVE-2017-16230). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7411 |
|
Code Injection in enalean (CVE-2017-7411)
code injection in enalean (CVE-2017-7411). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16000 |
|
SQL Injection in sqli (CVE-2017-16000)
SQL injection in sqli (CVE-2017-16000). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15975 |
|
SQL Injection in sqli (CVE-2017-15975)
SQL injection in sqli (CVE-2017-15975). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15976 |
|
SQL Injection in sqli (CVE-2017-15976)
SQL injection in sqli (CVE-2017-15976). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15956 |
|
Vulnerability in converto-video-downloader-converter-project (CVE-2017-15956)
vulnerability in converto-video-downloader-converter-project (CVE-2017-15956). Confidential information can be exposed externally.
|
| CVE-2017-15957 |
|
Unrestricted File Upload in ingenious-school-management-system-project (CVE-2017-15957)
vulnerability in ingenious-school-management-system-project (CVE-2017-15957). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15958 |
|
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
|
| CVE-2017-15960 |
|
SQL Injection in sqli (CVE-2017-15960)
SQL injection in sqli (CVE-2017-15960). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15961 |
|
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
|
| CVE-2017-15963 |
|
SQL Injection in sqli (CVE-2017-15963)
SQL injection in sqli (CVE-2017-15963). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15966 |
|
SQL Injection in sqli (CVE-2017-15966)
SQL injection in sqli (CVE-2017-15966). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15968 |
|
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
|
| CVE-2017-15970 |
|
SQL Injection in sqli (CVE-2017-15970)
SQL injection in sqli (CVE-2017-15970). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15971 |
|
SQL Injection in sqli (CVE-2017-15971)
SQL injection in sqli (CVE-2017-15971). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15972 |
|
SQL Injection in sqli (CVE-2017-15972)
SQL injection in sqli (CVE-2017-15972). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15973 |
|
SQL Injection in sqli (CVE-2017-15973)
SQL injection in sqli (CVE-2017-15973). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15974 |
|
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
|
| CVE-2017-15946 |
|
SQL Injection in sqli (CVE-2017-15946)
SQL injection in sqli (CVE-2017-15946). Successful exploitation can lead to full system takeover. Exploitable via ``tag``.
|
| CVE-2017-15949 |
|
SQL Injection in sqli (CVE-2017-15949)
SQL injection in sqli (CVE-2017-15949). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15935 |
|
Code Injection in artica (CVE-2017-15935)
code injection in artica (CVE-2017-15935). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15933 |
|
SQL Injection in sqli (CVE-2017-15933)
SQL injection in sqli (CVE-2017-15933). Successful exploitation can lead to full system takeover.
|
| CVE-2012-4378 |
|
Cross-Site Scripting (XSS) in mediawiki (CVE-2012-4378)
cross-site scripting in mediawiki (CVE-2012-4378). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-2023 |
|
SQL Injection in sqli (CVE-2014-2023)
SQL injection in sqli (CVE-2014-2023). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15919 |
|
SQL Injection in wordpress (CVE-2017-15919)
SQL injection in wordpress (CVE-2017-15919). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15907 |
|
SQL Injection in sqli (CVE-2017-15907)
SQL injection in sqli (CVE-2017-15907). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15880 |
|
SQL Injection in sqli (CVE-2017-15880)
SQL injection in sqli (CVE-2017-15880). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15872 |
|
Cross-Site Scripting (XSS) in phpwcms (CVE-2017-15872)
cross-site scripting in phpwcms (CVE-2017-15872). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15867 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-15867)
cross-site scripting in wordpress (CVE-2017-15867). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15863 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-15863)
cross-site scripting in wordpress (CVE-2017-15863). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-1203 |
|
Command Injection in eyou (CVE-2014-1203)
command injection in eyou (CVE-2014-1203). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15081 |
|
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
|
| CVE-2011-4333 |
|
Cross-Site Scripting (XSS) in scilico (CVE-2011-4333)
cross-site scripting in scilico (CVE-2011-4333). Risk of unauthorized operations or information disclosure.
|
| CVE-2011-4334 |
|
Unrestricted File Upload in labwiki-project (CVE-2011-4334)
vulnerability in labwiki-project (CVE-2011-4334). Successful exploitation can lead to full system takeover.
|
| CVE-2012-4567 |
|
Cross-Site Scripting (XSS) in letodms-project (CVE-2012-4567)
cross-site scripting in letodms-project (CVE-2012-4567). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-4569 |
|
Cross-Site Scripting (XSS) in letodms-project (CVE-2012-4569)
cross-site scripting in letodms-project (CVE-2012-4569). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-4570 |
|
SQL Injection in sqli (CVE-2012-4570)
SQL injection in sqli (CVE-2012-4570). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5532 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2015-5532)
cross-site scripting in wordpress (CVE-2015-5532). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5533 |
|
SQL Injection in wordpress (CVE-2015-5533)
SQL injection in wordpress (CVE-2015-5533). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15808 |
|
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
|
| CVE-2017-15809 |
|
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
|
| CVE-2017-15810 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-15810)
cross-site scripting in csharp (CVE-2017-15810). Risk of unauthorized operations or information disclosure.
|