Lucene search
+L

1838 matches found

NVD
NVD
added yesterday6 views

CVE-2026-38158

A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 6:53 p.m.36 views

CVE-2026-11321 GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:38 p.m.16 views

CVE-2019-25759

The CVE-2019-25759 entry describes an SQL injection in Joomla! component vbizz 1.0.7 where an authenticated attacker can craft the payid parameter to execute arbitrary SQL via POST to the employee management interface, potentially exposing database version and names. The provided sources confirm ...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:31 p.m.19 views

CVE-2019-25757 Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:28 p.m.8 views

EUVD-2019-20192

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:28 p.m.13 views

CVE-2019-25756

CVE-2019-25756 affects Joomla! Component vAccount 2.0.2. The vulnerability is an SQL injection in the vaccount-dashboard/expense endpoint, where an unauthenticated attacker can inject payloads via the vid parameter to perform arbitrary SQL queries and exfiltrate sensitive data such as database ve...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 5:16 p.m.12 views

CVE-2017-20271

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 5:8 p.m.17 views

CVE-2019-25750 Joomla J-MultipleHotelReservation 6.0.7 SQL Injection

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:58 p.m.8 views

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

8.8CVSS6AI score0.00267EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:54 p.m.33 views

CVE-2017-20281 Joomla! Component Extra Search 2.2.8 SQL Injection

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=comextrasearch parameter and...

8.8CVSS0.00267EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 4:51 p.m.33 views

CVE-2017-20280 Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:41 p.m.10 views

CVE-2017-20277

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score0.00253EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 p.m.7 views

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:21 p.m.33 views

CVE-2017-20271 Joomla StreetGuessr Game 1.1.8 SQL Injection via catid

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 4:16 p.m.16 views

CVE-2017-20262

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:7 p.m.7 views

EUVD-2017-18994

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8CVSS6AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 3:51 p.m.38 views

CVE-2017-20262 Joomla! Component Ajax Quiz 1.8 SQL Injection

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 3:51 p.m.7 views

EUVD-2017-18989

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 3:37 p.m.19 views

CVE-2017-20258

CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1 . The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:30 p.m.6 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder