Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
It includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2017.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-17983 | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | 8.8 | 0.93% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17920 | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 8.1 | 1.51% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17919 | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 8.1 | 1.51% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17917 | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 8.1 | 2.26% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17916 | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 8.1 | 1.52% | 2017-12-29 | 2026-05-13 |
| CVE-2014-4914 | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 9.8 | 2.31% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17959 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | 9.8 | 1.16% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17957 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | 9.8 | 1.16% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17951 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | 9.8 | 1.16% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17950 | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | 8.8 | 0.96% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17941 | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | 7.2 | 0.94% | 2017-12-28 | 2026-05-13 |
| CVE-2015-3637 | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | 8.1 | 1.36% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17931 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | 9.8 | 1.14% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17928 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | 9.8 | 1.16% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17906 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | 9.8 | 1.16% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17900 | SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | 9.8 | 1.87% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17899 | SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | 9.8 | 1.87% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17897 | SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 | 1.87% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17895 | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | 9.8 | 1.16% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17892 | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | 9.8 | 1.16% | 2017-12-27 | 2026-05-13 |