Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-16543

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Nov, 2017 | 17:00
Updated At-05 Aug, 2024 | 20:27
Rejected At-
Credits

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Nov, 2017 | 17:00
Updated At:05 Aug, 2024 | 20:27
Rejected At:
▼CVE Numbering Authority (CNA)

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/43129/
exploit
x_refsource_EXPLOIT-DB
http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html
x_refsource_MISC
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html
x_refsource_CONFIRM
Hyperlink: https://www.exploit-db.com/exploits/43129/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html
Resource:
x_refsource_MISC
Hyperlink: https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/43129/
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html
x_refsource_MISC
x_transferred
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/43129/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Nov, 2017 | 17:29
Updated At:20 Apr, 2025 | 01:37

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_applications_manager>>13.0
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.htmlcve@mitre.org
Third Party Advisory
https://www.exploit-db.com/exploits/43129/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.htmlcve@mitre.org
N/A
http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.exploit-db.com/exploits/43129/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/43129/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/43129/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6889Records found
CVE-2024-5527
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 05:31
Updated-16 Aug, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5586
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:54
Updated-27 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43671
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-62.47% / 98.30%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_access_manager_plusmanageengine_pam360manageengine_password_manager_pron/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38872
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:30
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38871
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.22%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:29
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-40300
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-46.10% / 97.55%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:47
Updated-13 Jan, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_password_manager_promanageengine_pam360manageengine_access_manager_plusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36485
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.88% / 74.45%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 11:13
Updated-07 Nov, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusmanageengine_adaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36517
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:34
Updated-27 Aug, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36516
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:36
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36518
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.59% / 87.30%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:13
Updated-21 Nov, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0269
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 13:05
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-16542
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 78.30%
||
7 Day CHG~0.00%
Published-05 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27908
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.22% / 88.31%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 12:17
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49334
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49333
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:51
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48793
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.62% / 92.08%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:00
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_adaudit_plusn/aadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49335
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.08% / 24.43%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49330
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.29% / 51.63%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 12:19
Updated-12 May, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11559
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:09
Updated-05 Aug, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11738
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.14% / 77.58%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:29
Updated-05 Aug, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-19650
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.39% / 91.36%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 17:40
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-15105
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.65% / 87.40%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 02:44
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9459
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-1.29% / 78.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 05:44
Updated-06 Nov, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusmanageengine_exchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36035
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:19
Updated-16 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36514
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:37
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5546
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.16% / 88.23%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 08:44
Updated-19 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_password_manager_promanageengine_pam360Password Manager ProPAM360pam360password_manager_pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36034
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:23
Updated-16 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5467
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:28
Updated-27 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49574
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.81% / 73.31%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 07:55
Updated-26 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusmanageengine_adaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48878
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.88% / 74.45%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:56
Updated-05 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusADManager Plusmanageengine_admanager_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36515
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:37
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-17072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 10:52
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.

Action-Not Available
Vendor-n/aA WP Life
Product-contact_form_widgetn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-9599
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 00:32
Updated-29 Aug, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Apartment Management System month_setup.php sql injection

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-ITSourceCode
Product-Apartment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.73%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-chris_wederkan/aTYPO3 Association
Product-tgm_newslettertypo3n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-04 May, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-2daybizn/a
Product-polls_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

Action-Not Available
Vendor-smart-plugsn/a
Product-smartplugsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.86%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.

Action-Not Available
Vendor-tirzentaskfreakn/a
Product-tirzen_frameworktaskfreak\!n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-laurent_foulloyn/aTYPO3 Association
Product-typo3sav_filter_monthsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.73%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-alibabaclonen/a
Product-ec21_clonen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-design-carsn/aJoomla!
Product-com_productbookjoomla\!n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.54%
||
7 Day CHG~0.00%
Published-04 May, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.

Action-Not Available
Vendor-postnuken/a
Product-postnuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-20 May, 2009 | 18:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.

Action-Not Available
Vendor-mlffatn/a
Product-mlffatn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.80%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-ncryptedn/a
Product-nct_jobs_portal_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8921
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 18:02
Updated-14 Aug, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Diary user-apply.php sql injection

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_diaryJob Diary
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG~0.00%
Published-24 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-miethner-scriptingn/a
Product-dz_erotik_auktionshaus_v4rgon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 20:20
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

Action-Not Available
Vendor-uigan/a
Product-fan_clubn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-16692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.63% / 95.36%
||
7 Day CHG~0.00%
Published-22 Sep, 2019 | 14:58
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.

Action-Not Available
Vendor-phpipamn/a
Product-phpipamn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.79%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

Action-Not Available
Vendor-phpscripte24n/a
Product-niedrig_gebote_pro_auktions_system_iin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8331
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 20:02
Updated-05 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Farm System forgot_pass.php sql injection

A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_farm_systemOnline Farm System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.

Action-Not Available
Vendor-uigan/a
Product-business_portaln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 137
  • 138
  • Next
Details not found