Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-9730
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the "r" parameter.
Dfsol Nuevomailer
1 EDB exploit
9.8
CVSSv3
CVE-2017-15977
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
Protectedlinks Expiring Download Links 1.0
1 EDB exploit
NA
CVE-2015-1517
SQL injection vulnerability in Piwigo prior to 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Piwigo Piwigo
1 EDB exploit
9.8
CVSSv3
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
Phpipam Phpipam
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2017-7997
Multiple SQL injection vulnerabilities in Gespage prior to 7.4.9 allow remote malicious users to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
Gespage Gespage
1 EDB exploit
NA
CVE-2010-4006
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x prior to 5.0.81, 5.1.x prior to 5.1.51, and 6.0.x prior to 6.0.1 allow remote malicious users to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Wsnlinks Wsn Links 5.0.80
Wsnlinks Wsn Links 5.0.0
Wsnlinks Wsn Links 5.0.17
Wsnlinks Wsn Links 5.0.18
Wsnlinks Wsn Links 5.0.23
Wsnlinks Wsn Links 5.0.24
Wsnlinks Wsn Links 5.0.30
Wsnlinks Wsn Links 5.0.31
Wsnlinks Wsn Links 5.0.32
Wsnlinks Wsn Links 5.0.39
Wsnlinks Wsn Links 5.0.4
Wsnlinks Wsn Links 5.0.46
Wsnlinks Wsn Links 5.0.47
Wsnlinks Wsn Links 5.0.53
Wsnlinks Wsn Links 5.0.54
Wsnlinks Wsn Links 5.0.55
Wsnlinks Wsn Links 5.0.61
Wsnlinks Wsn Links 5.0.62
Wsnlinks Wsn Links 5.0.69
Wsnlinks Wsn Links 5.0.7
Wsnlinks Wsn Links 5.0.77
Wsnlinks Wsn Links 5.0.78
1 EDB exploit
NA
CVE-2013-2559
SQL injection vulnerability in Symphony CMS prior to 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony
Getsymphony Symphony 2.3
Getsymphony Symphony 2.1.0
Getsymphony Symphony 2.1.1
1 EDB exploit
7.5
CVSSv3
CVE-2016-7508
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote malicious user to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
Glpi-project Glpi 0.90.4
1 EDB exploit
NA
CVE-2005-1417
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote malicious users to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, ...
Maxwebportal Maxwebportal 1.3.5
Maxwebportal Maxwebportal 2.0
Maxwebportal Maxwebportal 1.3.1
Maxwebportal Maxwebportal 1.3.3
Maxwebportal Maxwebportal 1.3.0
Maxwebportal Maxwebportal 1.3.2
5 EDB exploits
NA
CVE-2007-1550
Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote malicious users to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news....
Phpx Phpx
5 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »