Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-3181

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-24 Jul, 2018 | 15:00
Updated At-05 Aug, 2024 | 14:16
Rejected At-
Credits

Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:24 Jul, 2018 | 15:00
Updated At:05 Aug, 2024 | 14:16
Rejected At:
▼CVE Numbering Authority (CNA)
Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client

Affected Products
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Analyst
Versions
Affected
  • 7.7.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Connectors
Versions
Affected
  • 7.6.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Deployment Kit
Versions
Affected
  • 7.7.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Desktop
Versions
Affected
  • 7.6.0
  • 7.7.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Desktop Developer Edition
Versions
Affected
  • 7.7.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Desktop Language Packs
Versions
Affected
  • 7.6.0
  • 7.7.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Web Player Client
Versions

unknown

  • N/A
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO
Product
Spotfire Client
Versions

unknown

  • N/A
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89
Type: CWE
CWE ID: CWE-89
Description: CWE-89
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181
x_refsource_CONFIRM
https://www.securityfocus.com/bid/95696
vdb-entry
x_refsource_BID
Hyperlink: https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.securityfocus.com/bid/95696
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181
x_refsource_CONFIRM
x_transferred
https://www.securityfocus.com/bid/95696
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.securityfocus.com/bid/95696
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:24 Jul, 2018 | 15:29
Updated At:09 Oct, 2019 | 23:27

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_analyst>>7.7.0
cpe:2.3:a:tibco:spotfire_analyst:7.7.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_client>>-
cpe:2.3:a:tibco:spotfire_client:-:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_connectors>>7.6.0
cpe:2.3:a:tibco:spotfire_connectors:7.6.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_deployment_kit>>7.7.0
cpe:2.3:a:tibco:spotfire_deployment_kit:7.7.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_desktop>>7.6.0
cpe:2.3:a:tibco:spotfire_desktop:7.6.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_desktop>>7.7.0
cpe:2.3:a:tibco:spotfire_desktop:7.7.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_desktop>>7.7.0
cpe:2.3:a:tibco:spotfire_desktop:7.7.0:*:*:*:developer:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_desktop_language_packs>>7.6.0
cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.6.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_desktop_language_packs>>7.7.0
cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.7.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>spotfire_web_player_client>>-
cpe:2.3:a:tibco:spotfire_web_player_client:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE-89Secondarycret@cert.org
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-89
Type: Secondary
Source: cret@cert.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.securityfocus.com/bid/95696cret@cert.org
Third Party Advisory
VDB Entry
https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181cret@cert.org
Vendor Advisory
Hyperlink: https://www.securityfocus.com/bid/95696
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181
Source: cret@cert.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7588Records found

CVE-2010-4496
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.37%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-collaborative_information_manageractivecatalogn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-2830
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.87% / 92.25%
||
7 Day CHG~0.00%
Published-05 Jun, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-rendezvoushawkruntime_agentn/a
CVE-2018-12410
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.97% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 20:00
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Statistics Services remote execution vulnerabilities

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_statistics_servicesTIBCO Spotfire Statistics Services
CVE-2017-5533
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.3||CRITICAL
EPSS-1.98% / 77.99%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Server credentials disclosure

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoftjaspersoft_reporting_and_analyticsjasperreports_serverTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CVE-2018-5435
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.6||CRITICAL
EPSS-3.24% / 86.69%
||
7 Day CHG~0.00%
Published-27 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Product Family Remote Code Execution Vulnerability

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_desktop_language_packsspotfire_desktopspotfire_analytics_platform_for_awsspotfire_analystspotfire_deployment_kitTIBCO Spotfire Desktop Language PacksTIBCO Spotfire AnalystTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Spotfire Deployment KitTIBCO Spotfire Desktop
CVE-2021-23274
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 63.54%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 16:55
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO API Exchange Gateway Clickjack Vulnerability

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-api_exchange_gateway_distributionapi_exchange_gatewayTIBCO API Exchange Gateway Distribution for TIBCO Silver FabricTIBCO API Exchange Gateway
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2014-5285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.01% / 78.30%
||
7 Day CHG~0.00%
Published-04 Sep, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-spotfire_servern/a
CVE-2018-18815
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-10||CRITICAL
EPSS-3.13% / 86.20%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Server User Information Disclosure

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoft_reporting_and_analyticsjasperreports_serverjaspersoftTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CWE ID-CWE-863
Incorrect Authorization
CVE-2012-5302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.36% / 81.54%
||
7 Day CHG~0.00%
Published-24 Oct, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-formvinen/a
CVE-2015-4554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.62%
||
7 Day CHG~0.00%
Published-21 Jul, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-spotfire_analystspotfire_deployment_kitspotfire_desktopspotfire_desktop_language_packssilver_fabric_enabler_for_spotfire_webplayerspotfire_automation_servicesspotfire_web_playerspotfire_analytics_platform_for_awsspotfire_professionaln/a
CVE-2015-4555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.56% / 90.36%
||
7 Day CHG~0.00%
Published-30 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-rendezvous_network_serverrendezvoussubstation_esmessaging_appliancen/a
CVE-2014-2544
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.04% / 85.79%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-deployment_kitspotfire_professionalweb_playerdesktopspotfire_serverautomation_servicesanalystn/a
CVE-2018-18814
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-3.10% / 86.04%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 22:00
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Authentication Vulnerability

The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_serverspotfire_analytics_platform_for_awsTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Spotfire Server
CWE ID-CWE-287
Improper Authentication
CVE-2010-4498
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 74.21%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-collaborative_information_manageractivecatalogn/a
CVE-2011-3134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.21%
||
7 Day CHG~0.00%
Published-02 Sep, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-spotfire_analytics_serverspotfire_servern/a
CVE-2014-2543
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-rendezvousmessaging_appliancesubstantiation_esn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 82.92%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-smart_pgm_fxn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-28828
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.84% / 53.07%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 18:30
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Administrator SQL injection vulnerability

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-administratorTIBCO Administrator - Enterprise EditionTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver FabricTIBCO Administrator - Enterprise Edition for z/Linux
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-9417
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.86% / 53.63%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:13
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Foresight SQL Injection

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-foresight_transaction_insightforesight_archive_and_retrieval_systemforesight_operational_monitorTIBCO Foresight Operational Monitor Healthcare EditionTIBCO Foresight Transaction InsightTIBCO Foresight Archive and Retrieval SystemTIBCO Foresight Transaction Insight Healthcare EditionTIBCO Foresight Operational MonitorTIBCO Foresight Archive and Retrieval System Healthcare Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-5527
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 55.62%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire injection vulnerabilities

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_analytics_platform_for_awsspotfire_serverTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Spotfire Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-26217
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.45%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 20:36
Updated-24 Oct, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX Add-ons SQL Injection Vulnerability

The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ebx_add-onsTIBCO EBX Add-ons
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.55% / 71.90%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 16:36
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.

Action-Not Available
Vendor-simple_client_management_system_projectn/a
Product-simple_client_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43362
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.9||CRITICAL
EPSS-0.58% / 43.20%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 01:51
Updated-20 May, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MedData HBYS 1.0 Remote SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.

Action-Not Available
Vendor-meddataMedData
Product-hbysHBYS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9470
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 23.52%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 15:30
Updated-28 May, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yashpokharna2555 StudentManagementSystem student_trans.php confirm_logged_in sql injection

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm_logged_in of the file student_trans.php. Such manipulation of the argument FIRST_NAME/Last_Name/EMAIL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-yashpokharna2555
Product-StudentManagementSystem
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.23%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 17:24
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.

Action-Not Available
Vendor-n/aProjectworlds
Product-online_book_store_project_in_phpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43510
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.51% / 93.71%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 13:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.

Action-Not Available
Vendor-simple_client_management_system_projectn/a
Product-simple_client_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.68%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 18:43
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.

Action-Not Available
Vendor-sourcecodester_online_reviewer_system_projectn/a
Product-sourcecodester_online_reviewer_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.16% / 92.56%
||
7 Day CHG~0.00%
Published-22 Mar, 2022 | 15:05
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.

Action-Not Available
Vendor-softwelln/a
Product-webrunn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-5977
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 33.65%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 20:00
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects School Fees Payment System datatable.php sql injection

A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. The manipulation of the argument sSortDir_0 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-School Fees Payment System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9544
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.08%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 12:45
Updated-28 May, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shenzhen Sixun Software Sixun Shanghui Group Business Management System PayConfig sql injection

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Shenzhen Sixun Software
Product-Sixun Shanghui Group Business Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.33%
||
7 Day CHG~0.00%
Published-02 Jun, 2010 | 18:14
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Action-Not Available
Vendor-http-solutionn/a
Product-project_mann/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.57% / 72.28%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 14:13
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.

Action-Not Available
Vendor-shopexn/a
Product-ecshopn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9526
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 23.52%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 03:30
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Electronic Judging System edit_team.php sql injection

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-ITSourceCode
Product-Electronic Judging System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2462
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.18%
||
7 Day CHG~0.00%
Published-25 Jun, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.

Action-Not Available
Vendor-tomaceron/a
Product-orohyipn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-6095
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.53% / 71.55%
||
7 Day CHG~0.00%
Published-15 Jun, 2025 | 23:00
Updated-14 Nov, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
codesiddhant Jasmin Ransomware checklogin.php sql injection

A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Siddhant Gour ("codesiddhant")
Product-jasmin-ransomwareJasmin Ransomware
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.73% / 90.68%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 18:38
Updated-24 Feb, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_subscription_websiten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44092
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 65.66%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 18:03
Updated-15 Jan, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.

Action-Not Available
Vendor-n/aSource Code & Projects
Product-pharmacy_managementn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9573
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.08%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 19:00
Updated-27 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-ITSourceCode
Product-Student Transcript Processing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9447
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 23.52%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 09:45
Updated-26 May, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple POS and Inventory System search.php sql injection

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-SourceCodester
Product-Simple POS and Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-5856
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.45% / 35.64%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 02:00
Updated-10 Jun, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul BP Monitoring Management System registration.php sql injection

A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bp_monitoring_management_systemBP Monitoring Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9356
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.51%
||
7 Day CHG-0.14%
Published-24 May, 2026 | 05:00
Updated-26 May, 2026 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hospitals Patient Records Management System manage_history.php sql injection

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Hospitals Patient Records Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43925
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.86% / 53.81%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 02:15
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerDiskStation Manager (DSM)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.13% / 62.24%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 17:20
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.

Action-Not Available
Vendor-n/aProjectworlds
Product-hospital_management_system_in_phpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43629
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.13% / 62.24%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 17:18
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.

Action-Not Available
Vendor-n/aProjectworlds
Product-hospital_management_system_in_phpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.22% / 64.78%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 23:38
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.

Action-Not Available
Vendor-egavilanmedian/a
Product-user_registration_and_login_system_with_admin_paneln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.06%
||
7 Day CHG~0.00%
Published-06 May, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.

Action-Not Available
Vendor-freeguppyn/a
Product-guppyn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.17% / 79.89%
||
7 Day CHG~0.00%
Published-23 Apr, 2010 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.

Action-Not Available
Vendor-clausvbn/a
Product-dl_statsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6880
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.

Action-Not Available
Vendor-php-updaten/a
Product-php-updaten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43361
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.9||CRITICAL
EPSS-0.58% / 43.20%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 01:50
Updated-20 May, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MedData HBYS 1.0 Remote SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.

Action-Not Available
Vendor-meddataMedData
Product-hbysHBYS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.24%
||
7 Day CHG+0.06%
Published-22 Nov, 2006 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-powien/a
Product-pforumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 151
  • 152
  • Next
Details not found