CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 days ago•16 views

CVE-2019-25761 Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id

7.1CVSS

EUVD•added 4 days ago•4 views

EUVD-2019-20186

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS6.3AI score

Cvelist•added 4 days ago•26 views

CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

ATTACKERKB•added 4 days ago•7 views

Exploits0References3

CVE-2017-20282

8.8CVSS6AI score

Exploits0References3Affected Software1

CVE•added 4 days ago•8 views

CVE-2017-20275

CVE-2017-20275 affects Joomla! Component PHP-Bridge 1.2.3. The vulnerability is an SQL injection in the id parameter of index.php when using option=com_phpbridge&view=phpview, allowing unauthenticated attackers to execute arbitrary SQL and extract database metadata (e.g., table and column names)....

ATTACKERKB•added 4 days ago•4 views

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score

Exploits0References2Affected Software1

Cvelist•added 4 days ago•26 views

CVE-2017-20274 Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

CVE•added 4 days ago•12 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

Cvelist•added 4 days ago•25 views

CVE-2017-20270 Joomla! Component Twitch Tv 1.1 SQL Injection

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

NVD•added 4 days ago•6 views

CVE-2017-20259

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...

EUVD•added 4 days ago•3 views

EUVD-2017-18990

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...

8.8CVSS6.3AI score

Cvelist•added 4 days ago•26 views

CVE-2017-20261 Joomla! Component Bargain Product VM3 1.0 SQL Injection

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

CVE•added 4 days ago•13 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

CVE•added 4 days ago•11 views

CVE-2017-20258

CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1 . The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...

EUVD•added 4 days ago•3 views

EUVD-2017-18985

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

CVE•added 5 days ago•17 views

CVE-2026-12111

The CVE describes a vulnerability in WordPress plugin Appointment Booking Calendar (

4.3CVSS5.5AI score0.00285EPSS

Exploits0References10

Cvelist•added 5 days ago•32 views

CVE-2026-12111 Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS0.00285EPSS

Exploits0References10

NVD•added 5 days ago•7 views

CVE-2026-55740

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

9.8CVSS0.00366EPSS