CVE List by Type: SQL Injection (Filtered by Published Year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs published in 2017.

Showing 21-40 of 504 results (page 2 of 26)

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-17875 | The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17873 | Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17872 | The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17871 | The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17870 | The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | 9.8 | 3.00% | 2017-12-27 | 2026-06-16 |
| CVE-2017-0304 | A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | 5.4 | 0.99% | 2017-12-21 | 2026-06-16 |
| CVE-2017-17829 | Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | 7.2 | 1.02% | 2017-12-21 | 2026-06-16 |
| CVE-2017-17824 | The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | 4.9 | 1.50% | 2017-12-20 | 2026-06-16 |
| CVE-2017-17823 | The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 4.9 | 1.49% | 2017-12-20 | 2026-06-16 |
| CVE-2017-17822 | The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 4.9 | 1.37% | 2017-12-20 | 2026-06-16 |
| CVE-2012-2576 | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 9.8 | 59.15% | 2017-12-20 | 2026-06-16 |
| CVE-2017-16735 | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | 5.3 | 1.02% | 2017-12-20 | 2026-06-16 |
| CVE-2017-16733 | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | 5.3 | 0.92% | 2017-12-20 | 2026-06-16 |
| CVE-2017-1757 | IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | 8.8 | 1.59% | 2017-12-20 | 2026-06-16 |
| CVE-2017-17779 | Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | 9.8 | 1.10% | 2017-12-19 | 2026-06-16 |
| CVE-2017-15875 | SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | 9.8 | 1.29% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17721 | CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 9.8 | 3.60% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17651 | Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 9.8 | 3.05% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17645 | Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | 9.8 | 3.05% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17643 | FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | 9.8 | 2.98% | 2017-12-18 | 2026-06-16 |

cvelogic Threat Intelligence