Skip to main content
CVE-2017-15990 CRITICAL POC Act Now

Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Phpinventory
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
8.8%
CVE-2017-15993 CRITICAL POC Act Now

Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zomato Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15992 CRITICAL POC Act Now

Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Website Broker Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15991 CRITICAL POC Act Now

Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Agent Zone
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15989 CRITICAL POC Act Now

Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Exam Test Application
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15988 CRITICAL POC Act Now

Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nice Php Faq Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15987 CRITICAL POC Act Now

Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fake Magazine Cover Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15986 CRITICAL POC Act Now

CPA Lead Reward Script allows SQL Injection via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cpa Lead Reward Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15985 CRITICAL POC Act Now

Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Basic B2B Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15984 CRITICAL POC Act Now

Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Creative Management System Lite
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15983 CRITICAL POC Act Now

MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mymagazine Magazine Blog Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15980 CRITICAL POC Act Now

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Us Zip Codes Database Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15979 CRITICAL POC Act Now

Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Shareet
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15978 CRITICAL POC Act Now

AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Erp Php Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15977 CRITICAL POC Act Now

Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Expiring Download Links
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15982 CRITICAL POC Act Now

Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-15981 CRITICAL POC Act Now

Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Newspaper
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-14356 CRITICAL Act Now

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2015-9245 CRITICAL Act Now

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Openedge
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-1000257 CRITICAL Act Now

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy