
13188 matches found

Cvelist
added 2017/03/07 4:0 p.m. | 15 views

CVE-2016-7784

SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter...

AI score: 10 | EPSS: 0.02567
Exploits: 1 | References: 5

Cvelist
added 2017/03/07 4:0 p.m. | 20 views

CVE-2016-7788

SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter...

AI score: 10 | EPSS: 0.02567
Exploits: 1 | References: 4

Cvelist
added 2017/03/07 4:0 p.m. | 16 views

CVE-2016-7789

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter...

AI score: 10 | EPSS: 0.02497
Exploits: 2 | References: 4

Cvelist
added 2017/03/07 4:0 p.m. | 16 views

CVE-2016-7782

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter...

AI score: 10 | EPSS: 0.02567
Exploits: 1 | References: 3

CVE
added 2017/03/07 4:0 p.m. | 48 views

CVE-2016-7780

CVE-2016-7780 affects Exponent CMS up to version 2.3.9. The vulnerability is a SQL injection in cron/find_help.php where the version parameter can be controlled to execute arbitrary SQL commands. Mitigation/repair exists in the project; a fix is provided in the Exponent CMS repository (commit a8e...

CVSS: 9.8 | AI score: 10 | EPSS: 0.02567
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2017/03/07 4:0 p.m. | 20 views

CVE-2016-9087

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter...

AI score: 10 | EPSS: 0.02225
Exploits: 1 | References: 4

Prion
added 2017/03/03 3:59 p.m. | 12 views

SQL injection

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php...

CVSS: 7.5 | AI score: 9 | EPSS: 0.02082
Exploits: 2 | References: 2 | Affected Software: 1

UbuntuCve
added 2017/03/03 3:59 p.m. | 24 views

CVE-2016-10204

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.02082
Exploits: 2 | References: 4

OSV
added 2017/03/03 3:59 p.m. | 22 views

CVE-2016-10204

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php...

CVSS: 9.8 | AI score: 8.6
Exploits: 0 | References: 2

Prion
added 2017/02/17 8:59 p.m. | 11 views

SQL injection

SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.01066
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/02/17 8:0 p.m. | 19 views

CVE-2017-6065

SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter...

AI score: 8.9 | EPSS: 0.01066
Exploits: 0 | References: 1

Prion
added 2017/02/17 2:59 a.m. | 26 views

SQL injection

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.83284
Exploits: 24 | References: 7 | Affected Software: 1

Debian CVE
added 2017/02/16 6:0 p.m. | 30 views

CVE-2016-10134

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.83284
Exploits: 24

OSV
added 2017/02/15 7:59 p.m. | 3 views

CVE-2016-3694

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) ordersstatus or (2) customersstatus parameter to api/easybill/easybillcsv.php...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.0373
Exploits: 5 | References: 2

Prion
added 2017/02/15 7:59 p.m. | 13 views

SQL injection

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) ordersstatus or (2) customersstatus parameter to api/easybill/easybillcsv.php...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.0373
Exploits: 5 | References: 2 | Affected Software: 1

NVD
added 2017/02/15 7:59 p.m. | 23 views

CVE-2016-3694

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) ordersstatus or (2) customersstatus parameter to api/easybill/easybillcsv.php...

CVSS: 9.8 | AI score: 10 | EPSS: 0.0373
Exploits: 5 | References: 2

NVD
added 2017/02/07 3:59 p.m. | 18 views

CVE-2016-7400

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activateaddress address controller action, (2) title parameter in a show blog controller action, or (3) contentid parameter in a showComments...

CVSS: 9.8 | AI score: 10 | EPSS: 0.04651
Exploits: 4 | References: 7

OSV
added 2017/02/07 3:59 p.m. | 17 views

CVE-2016-7400

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activateaddress address controller action, (2) title parameter in a show blog controller action, or (3) contentid parameter in a showComments...

CVSS: 9.8 | AI score: 8.7
Exploits: 0 | References: 7

Cvelist
added 2017/02/07 3:0 p.m. | 23 views

CVE-2016-7400

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activateaddress address controller action, (2) title parameter in a show blog controller action, or (3) contentid parameter in a showComments...

AI score: 10 | EPSS: 0.04651
Exploits: 4 | References: 7

OSV
added 2017/01/31 10:59 p.m. | 5 views

CVE-2016-9402

SQL injection vulnerability in the moderation tool in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.02116
Exploits: 0 | References: 4